Password Policy with GPO

Winsoup used Ask the Experts™
If I set up a GPO that says passwords expire every 90 days but in Active Directory I have some accounts set to Never Expire and User Cannot Change Password. Which one is going to take precedence? Do I need to create a deny rule for those to not change or is having it set up this way good?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Never expire means that password expiration will not affect this account.
User Cannot Change Password means exactly that, user can not change password and because his password will not expire, there will be no need to change password.


Ok, just wanted to make sure the Group Policy wouldn't override those settings.
Toni UranjekConsultant/Trainer

No, but it will trigger password change for all other user accounts at next log on.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial