Individual user accounts with the "password never expires" option checked will override the domain password policy you specify. And yes, you can only set one policy, and it must be at the domain level. Interestingly enough, I believe in order to set the granular policies in Windows 2008, both your forest and domain functional level must be 2008.
Thanks, James Winzenz Infrastructure Systems Engineer II - Security Pulte Homes Information Services -----Original Message----- From: John Hornbuckle [mailto:[email protected]] Sent: Wednesday, March 04, 2009 9:32 AM To: NT System Admin Issues Subject: RE: Password Policy Change One other question about this. My understanding is that I can only set one policy for the domain, and it will apply to everyone (we're not at a 2008 functional level, so I can't use fine grained password policies). If I configure Group Policy to have passwords expire by have the "Password never expires" option selected for an account, which setting wins? Does the "Password never expires" option overrule the GPO? -----Original Message----- From: John Hornbuckle Sent: Wednesday, March 04, 2009 10:52 AM To: 'NT System Admin Issues' Subject: Password Policy Change Right now, our users' passwords don't expire. We're looking at changing that. My question is this... If I decide to enable password expiration, how is the expiration date calculated for my users? Let's say that today I set passwords to expire every 60 days. Will all current users' passwords expire 60 days from today? Or will all current users' passwords expire today, if those passwords are 60 days or older? John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
