Password Policy with GPO

Winsoup used Ask the Experts™

on 2015-08-19

If I set up a GPO that says passwords expire every 90 days but in Active Directory I have some accounts set to Never Expire and User Cannot Change Password. Which one is going to take precedence? Do I need to create a deny rule for those to not change or is having it set up this way good?

Comment

Watch Question

Do more with

EXPERT OFFICE^® is a registered trademark of EXPERTS EXCHANGE^®

View Solution Only

Toni UranjekConsultant/Trainer

Commented: 2015-08-19

Never expire means that password expiration will not affect this account.
User Cannot Change Password means exactly that, user can not change password and because his password will not expire, there will be no need to change password.

Winsoup

Author

Commented: 2015-08-19

Ok, just wanted to make sure the Group Policy wouldn't override those settings.

Toni UranjekConsultant/Trainer

Commented: 2015-08-19

No, but it will trigger password change for all other user accounts at next log on.

Do more with

Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial

Explore our Suite of Services

Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial

Facebook
Twitter
LinkedIn
https://www.experts-exchange.com/questions/28706902/Password-Policy-with-GPO.html copy

Password Policy with GPO

Premium Content

Premium Content

Explore our Suite of Services