What GPO would do this? I don't know of any GPOs that would force UAC flags like this...
It sounds like the work of a scheduled script / program to me. There is absolutely nothing built into AD that would prevent having both "password never expires" and "cannot change password" boxes ticked; in fact, this is a very common config for service accounts. --Steve On Fri, Jul 13, 2012 at 12:51 PM, Jonathan Link <jonathan.l...@gmail.com>wrote: > Sounds like a group policy setting is undoing your changes... > > > On Fri, Jul 13, 2012 at 12:40 PM, <pdw1...@hotmail.com> wrote: > >> When a user account is set up in AD, they set "Password never expires." >> Now, they want to go back and add "user cannot change password." However, >> when they do make the change, it only holds for a few minutes and then >> reverts back. If I uncheck 'never expires' and just select 'user cannot' >> within a few minutes both boxes are blank. >> I know that these settings are set at user account creation, but I didn't >> think they were set in stone. If not through the AD gui, can they be >> changed with PS? >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin