> I know account policies are domain wide but if you
put a user in an OU
> and block gpo inheritance, can you make
that user have a non-expiring
> password while everyone esle is subject to the
normal AD password policy?
Well no, that is what they mean by domain wide...
The password policy GPOs apply to the computers, not
the users. It just has impact on users.
You can have individual non-expiring userids by setting
them individually to be non-expiring. Look at the account options, specifically
- Password never expires.
> I know this is bad security practice
but can it be done this way?
No. But yes, you are right, this is bad, almost always
universally bad.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Thursday, April 27, 2006 3:32 PM
To: activedirectory
Subject: [ActiveDir] Exclude one account from password policy
I know account policies are domain wide but if you put a user in an OU
and block gpo inheritance, can you make that user have a non-expiring
password while everyone esle is subject to the normal AD password policy?
I know this is bad security practice but can it be done this way?
Thanks
