Educause Security Discussion mailing list archives
Re: Active Directory Password Policy for functional accounts?
From: Brad Judy <win-hied () BRADJUDY COM>
Date: Mon, 3 Dec 2012 08:54:51 -0700
You can use the LastLogon attribute for the housecleaning aspect and disable accounts that haven't logged in for X days. Brad Judy From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rick Baker Sent: Monday, December 03, 2012 6:34 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Active Directory Password Policy for functional accounts? We are wondering what other higher education institutions are doing with their functional accounts in active directory. The functional accounts are for service purposes that we implemented 180 days password policy but service could break after the password expires - some are asking to enable "password never expires" (PNE) on these accounts. Other question is if we enable PNE on accounts, how do you keep track of which accounts are being in use or not for "housekeeping" to keep our active directory clean? Rick
Current thread:
- Active Directory Password Policy for functional accounts? Rick Baker (Dec 03)
- Re: Active Directory Password Policy for functional accounts? Brad Judy (Dec 03)
- Re: Active Directory Password Policy for functional accounts? Fowler, Stephen (Dec 07)
- Re: Active Directory Password Policy for functional accounts? Brad Judy (Dec 03)