vrijdag, november 24, 2006

Microsoft: password policy limitations

I sometimes get asked what the limitations are for the default password policy in a Windows AD domain. Here goes:
  • You can only enforce one password policy per domain
  • Password Never Expires: If selected, the password for this account never expires. This setting overrides the domain account policy. Generally, it's not a good idea to set a password so it doesn't expire because this defeats the purpose of having passwords in the first place. But it is useful in combination with service accounts
  • Should be applied on the ROOT domain container

Geen opmerkingen: