zzingalala
asked on
How to restrict domain users from changing password using group policy
Hi ,
I want to set "Password Never Expires" and "User can not change the password" option for my domain users using group policy. Is there any way to do this.. Pls let me know..
Thanks in advance,
I want to set "Password Never Expires" and "User can not change the password" option for my domain users using group policy. Is there any way to do this.. Pls let me know..
Thanks in advance,
Here is how to set the password never expires portion.
Also you can select all your users at once in ADUC then right click and choose passwords never expire.
Going forward when you add new users you will need to check mark that field when creating the user
Also you can select all your users at once in ADUC then right click and choose passwords never expire.
Going forward when you add new users you will need to check mark that field when creating the user
ASKER
I tried it by selecting all users and then changing the settings as told by "ryansoto:" and "pzozulka:" but some how it is getting deselected for few users, that's why i want to do it using group policy.
Is there any option in Group Policy to do this ?
Is there any option in Group Policy to do this ?
User Configuration>Administrati ve Templates>System>Ctrl+Alt+ Del Options>Remove Change Password>Enabled
However, this only prevents them from changing the password from Ctrl+Alt+Del. There are other ways to change passwords, which is why instead of hiding a button from them, it would be best to all together remove the ability to change a password within AD itself the way I specified earlier.
Some users are getting deselected, because they were once selected. Make sure that you go through all the user accounts and make sure everyone is on the same page (deselected). Then follow the instructions in my 1st post.
However, this only prevents them from changing the password from Ctrl+Alt+Del. There are other ways to change passwords, which is why instead of hiding a button from them, it would be best to all together remove the ability to change a password within AD itself the way I specified earlier.
Some users are getting deselected, because they were once selected. Make sure that you go through all the user accounts and make sure everyone is on the same page (deselected). Then follow the instructions in my 1st post.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you are interested in doing this to many users in an OU, just highlight all users > Properties > Account Tab > Under Account Options enable "Password never Expires" and "User can not change the password".