The domain password policy is just that; for the entire
domain. Your block inheritance scenario won't work because it's not the
user account that determines what the domain password policy is. You can,
however, set a specific account for 'password never expires', which
prevents the max password age from being enforced for that user. It
doesn't remove the need for complexity, minimum length, etc,
though.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, April 27, 2006 2:32 PM
To: activedirectory
Subject: [ActiveDir] Exclude one account from password policyI know account policies are domain wide but if you put a user in an OU and block gpo inheritance, can you make that user have a non-expiring password while everyone esle is subject to the normal AD password policy?I know this is bad security practice but can it be done this way?Thanks
