realtimer
asked on
SBS 2011 - Prevent users from being able to change their own passwords (via Group Policy)
Hello,
We are running a Windows SBS 2011 server.
I would like to implement a global change via Group Policy (or a more recommended option) to prevent users from being able to change their own password.
The [long ugly] way would be to go to Active Directory Users & Computers and check the "User cannot change password" for each and every user. I'm hoping there is a better way to do this. Especially since I'd like this to take place automatically for any newly created users.
Any recommendations would be greatly appreciated.
Thanks in advance.
Regards,
Real-Timer
We are running a Windows SBS 2011 server.
I would like to implement a global change via Group Policy (or a more recommended option) to prevent users from being able to change their own password.
The [long ugly] way would be to go to Active Directory Users & Computers and check the "User cannot change password" for each and every user. I'm hoping there is a better way to do this. Especially since I'd like this to take place automatically for any newly created users.
Any recommendations would be greatly appreciated.
Thanks in advance.
Regards,
Real-Timer
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Lee W, MVP
Most organizations want to improve security. Could you enlighten us as to what your business requirement is that mandates weakening security? Since domain admins can change ANYONE'S password, why is a user changing their password a bad thing?
I fully agree with Lee, but I will also tell you that "the long, ugly way" is not at all long or ugly.
You can select multiple objects in AD and change the setting for all of them at once.
You can select multiple objects in AD and change the setting for all of them at once.
ASKER
LockDown - Thanks. That was helpful.
Lee & Jeff - unfortunately this is an environment that is dictated by on-prem I.T staff and management. We furnish our recommendations but they ultimately make the call.
Regards,
Rudy
Lee & Jeff - unfortunately this is an environment that is dictated by on-prem I.T staff and management. We furnish our recommendations but they ultimately make the call.
Regards,
Rudy