On Apr 7, 2005 11:32 AM, Christine Allen <[EMAIL PROTECTED]> wrote: > Thanks. The reason for this is we have domain level service accounts for > SQL and Exchange, etc. We don't want those to change those passwords. How > do you folks handle these? Thanks for all your help!
On those accounts you can set the account to have the password never expire, but as joe already mentioned this is a security risk. For now I'd say check that setting on the service accounts you can't change on a regular basis and start developing password change procedures for all of those service accounts. Also, I'd recommend requiring a password change procedure for any new service accounts that get created and force them to follow the password expiry time right from the get go. Phil List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
