I'm trying to separate all of my outside users and configure them with a password never expires policy. Prior to my being here, someone set this up by putting a check mark in "Password Never Expires" on about 150 user objects. I would like to change this for this one container so that the password policy is controlled through a group policy object, to make password updates, among other things, easier to roll out.
I've already created a new policy for their container with the option Maximum Password Age = 0. According to what I've read this will tell the computer that the password should never expire. I've isolated this container down to just this one computer policy and no matter what I do my user is prompted to update the password when I try to log in. Output from the client is below:
#GP Results with only the Admin policy in place (Admin policy is where I get my password settings from)
C:\WINDOWS>gpresult
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 5/12/2010 at 3:16:58 PM
RSOP results for **Removed for post**\jhinkle on 28015081H : Logging Mode
------------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: **Removed for post**
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\jhinkle
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=28015081H,OU=IT Administrators,OU=User Accounts,DC=IKDIST,DC=com
Last time Group Policy was applied: 5/12/2010 at 3:10:05 PM
Group Policy was applied from: **Removed for post**
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Admin Polcies
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Accounts Group Policy
Filtering: Not Applied (Unknown Reason)
Local Group Policy
Filtering: Not Applied (Empty)
Accounts Group Policy
Filtering: Disabled (Link)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
28015081H$
Domain Computers
USER SETTINGS
--------------
CN=Joe Hinkle,OU=IT Administrators,OU=User Accounts,DC=IKDIST,DC=com
Last time Group Policy was applied: 5/12/2010 at 3:10:44 PM
Group Policy was applied from: **Removed for post**
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Admin Polcies
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
IT
Domain Admins
Exchange Organization Administrators
Exchange View-Only Administrators
Exchange Public Folder Administrators
Exchange Recipient Administrators
#This is what the domain policy is telling me about my password settings.
C:\WINDOWS>net user jhinkle /domain
The request will be processed at a domain controller for domain **Removed for post**.
User name jhinkle
Full Name Joe Hinkle
Comment
User's comment
Country code (null)
Account active Yes
Account expires Never
Password last set 3/2/2010 12:06 PM
Password expires 4/14/2010 10:54 AM
Password changeable 3/2/2010 12:06 PM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script **Removed for post**-mail_backup.bat
User profile
Home directory \\**Removed for post**\users$\jhinkle
Last logon 5/12/2010 3:12 PM
Logon hours allowed All
Local Group Memberships *Administrators
Global Group memberships *IT *Exchange Organization
*Domain Users *Domain Admins
The command completed successfully.
Can anyone tell me whether I am going the right route for applying password settings like this? As I understand it, the changes I've made to Maximum password age should tell it not to try to change the password.
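An added check, not part of the original post: it parses the `net user` lines quoted above to see whether the account still carries an expiry date and whether that date had already passed at the last logon. The function names are hypothetical, and the English-locale field labels and timestamp format are assumptions.

```python
from datetime import datetime

# Lines copied from the `net user jhinkle /domain` output in the post.
NET_USER_OUTPUT = """\
Account active Yes
Account expires Never
Password last set 3/2/2010 12:06 PM
Password expires 4/14/2010 10:54 AM
Password changeable 3/2/2010 12:06 PM
Password required Yes
Last logon 5/12/2010 3:12 PM
"""

# Field labels as printed by `net user` (English locale assumed).
FIELDS = ("Password last set", "Password expires", "Last logon")
STAMP = "%m/%d/%Y %I:%M %p"  # assumed US-style timestamps, as in the post


def parse_net_user(text):
    """Return {label: datetime or None}; None means the value was 'Never'."""
    found = {}
    for line in text.splitlines():
        for label in FIELDS:
            if line.startswith(label + " "):
                value = line[len(label):].strip()
                found[label] = (None if value == "Never"
                                else datetime.strptime(value, STAMP))
    return found


def password_status(text):
    """Summarise whether the account is still subject to password expiry."""
    f = parse_net_user(text)
    expires = f.get("Password expires")
    last_set = f.get("Password last set")
    logon = f.get("Last logon")
    if expires is None:
        # 'Never' (or field absent): no expiry date is being enforced.
        return {"expires": False, "age_days": None, "expired_at_logon": False}
    return {
        "expires": True,
        # Whole days between "last set" and "expires".
        "age_days": (expires - last_set).days if last_set else None,
        # True when the last logon happened after the expiry time.
        "expired_at_logon": logon is not None and logon > expires,
    }
```

On the quoted output this reports an expiry date still in force and already passed at the 5/12/2010 logon, which matches the change prompt described in the post.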