jfexchange
asked on
Outlook Web Access user prompted to change password every 45 days
I have a user account that is prompted to change its password every 45 days when logging into OWA. I have disabled any configured settings in Group Policy regarding password change; yet this user account is still prompted. I am running a Win2k3 server running Exchang2k3 and have not been able to find any other settings pertaining to this policy. Can anyone suggest a way to get rid of this configuration or suggest why it may be occurring? This account only uses OWA and is not logging into the domain.
Many Thanks!
Many Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This has caused me much confusion in the past, I have to admit, and I have found four locations for settings that can affect password behaviour. Group Policy, Domain Policy, Domain Controller Security Policy, and (if the server is a member server) Local Security Policy. I have never managed to work out how these combine, and which takes precedence.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for all your comments, I don't see how local computer policy could affect an account logging into OWA in this instance since the system is not part of the domain and the user account is only authenticating via owa. There is only one GPO in effect which is the default domain policy. The mail server is also a DC but the password policy is not defined in the domain controller policy either. I had checked this account object previously and password never expires was checked which I also thought was the catch all, are there any other setting that can negate this one?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your input Vahik, I actually mispoke, that system may have been on the domain at one point so, even though it is off the network now,there maybe a remnant of the original domain policy still cached on that system somewhere?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks all I, I have tried all these, we'll have to wait another 45 days and see if it comes back again!
just to make sure.....XP has a new feature where u can store different users name and password for logging to differnt domains....it is in control panel\user account\advanced....make sure it is clear if the user is using and XP machine..