In our organization (under SOX controls) we cannot allow Admins to create new or change existing AD accounts to allow "Passwords Never Expire" on any account. While we can say "don't do it" people still do.
How can I disable the option to even CHECK that box completely from the AD interface? GPO? If so, has anyone done it, or can someone help me do that?
Thank you so much!