ndalmolin_13
asked on
I can't set domain admin accounts so that the user cannot change the password
Hello AD Experts,
We have several generic accounts that are being used as service accounts on our domain. A hand full of these accounts are domain admin accounts (I know this is not a good configuration, but I have to work with it for the time being). Any ways, I want to set these accounts up so that a user that logs in with the account cannot change the password. I have tried setting the 'User cannot change password' attribute in Active Directory Users and Computers, but 30 minutes after I select this attribute, something is deselecting it. I have looked through our GPOs for something that would be deselecting the attribute, but I have not found anything (but I could be looking in the wrong place). My questions are these:
1. What could be causing my selection of this attribute to revert back to the unselected state?
2. How can I configure these accounts so that the user cannot change the password?
Thanks in advance for your help.
Nick
We have several generic accounts that are being used as service accounts on our domain. A hand full of these accounts are domain admin accounts (I know this is not a good configuration, but I have to work with it for the time being). Any ways, I want to set these accounts up so that a user that logs in with the account cannot change the password. I have tried setting the 'User cannot change password' attribute in Active Directory Users and Computers, but 30 minutes after I select this attribute, something is deselecting it. I have looked through our GPOs for something that would be deselecting the attribute, but I have not found anything (but I could be looking in the wrong place). My questions are these:
1. What could be causing my selection of this attribute to revert back to the unselected state?
2. How can I configure these accounts so that the user cannot change the password?
Thanks in advance for your help.
Nick
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER