Ask the Expert

Setting the Win2k default domain admin password to expire every 45 days

I have a Windows 2000 network in a financial institution. Recently the auditors told me that I need to have the default domain administrator password expire every 45 days. Is there a way to set this? Isn't this also going to effect any service that is installed and running on the 20 servers I have? Please help, I can't find this information anywhere! Thank you for your help.

    Requires Free Membership to View

You can set this on any domain controller in your domain. Open up the domain security policy and browse to the password policy. Change the maximum password age to be 45 days. This will only effect services on your servers if you are running services off domain accounts. If you are, you will need to log onto those servers every 45 days and reset the service passwords also. It is good practice to change your passwords every 45 days, but having the system force you can be a headache with domain admin accounts. I recommend setting your own domain admin policy and manually changing them every 45 days.


For more information on this topic, visit these other SearchSecurity.com resources:
  • Best Web Links: Securing Financial Services/Banking
  • Best Web Links: Passwords
  • Best Web Links: Securing Microsoft Products/Platforms

    This was first published in March 2003

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: