• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1128
  • Last Modified:

How to restrict domain users from changing password using group policy

Hi ,
I want to set "Password Never Expires" and "User can not change the password" option for my domain users using group policy. Is there any way to do this.. Pls let me know..

Thanks in advance,
  • 3
  • 2
1 Solution
There's a way using AD. Just select a use and go to the Account Tab, and select "Password never Expires" and "User can not change the password".

If you are interested in doing this to many users in an OU, just highlight all users > Properties > Account Tab > Under Account Options enable "Password never Expires" and "User can not change the password".
Here is how to set the password never expires portion.
Also you can select all your users  at once in ADUC then right click and choose passwords never expire.
Going forward when you add new users you will need to check mark that field when creating the user
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

zzingalalaAuthor Commented:
I tried it by selecting all users and then changing the settings as told by "ryansoto:" and "pzozulka:" but some how it is getting deselected for few users, that's why i want to do it using group policy.

Is there any option in Group Policy to do this ?
User Configuration>Administrative Templates>System>Ctrl+Alt+Del Options>Remove Change Password>Enabled

However, this only prevents them from changing the password from Ctrl+Alt+Del. There are other ways to change passwords, which is why instead of hiding a button from them, it would be best to all together remove the ability to change a password within AD itself the way I specified earlier.

Some users are getting deselected, because they were once selected. Make sure that you go through all the user accounts and make sure everyone is on the same page (deselected). Then follow the instructions in my 1st post.
Change user can not change password

Implement password never expires
In this thread there are 2 solutions.  I using the dsquery command.  This will change password never expores to yes through the command line.
There is also another solution that will allow you to do it through group policy.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now