I have an administrator who I believe is doing some of the girls in the office a favor by checking "password never expires" in thier account in active directory users and computers, allowing them to keep their password the same as their username. This obviosly bypasses the password policy that I have in place.
The problem is (for various reasons both legitimate and political) all admins need full administrative rights to the domain, and delegation is not an option.
Is there anyway that I can disable the ability to, or grey out the "password never expires" checkbox for specific users, or if neccessary for all?
If there were a registry hack or a schema change that could be done in order to do this, I am pretty sure that none would be savvy enough to reverse this, or even try to since I think they would get the hint
Thanks in advance