Active Directory Strong password policy

[melbert2002]

Hello all,
I have a dilema. Due to some compliance issues, we need to enforce a strong password policy for all users on a domain and change them every 90 days. This is not a problem, the problem comes in where we have user accounts that run scheduled tasks, as well as the administrator account that runs some tasks, and a few other custom accounts that are running some websites.

We are in the process of cleaning this up.

Here is the problem, we want to have some users ie "administrator" or "IUSER" not have the option of changing the password, we want to make it VERY VERY complex, like 25 charictars, print it up put it in an envelope and toss it in the safe and never use the accounts, accept for adding a new website which happens maybe once a year if that.

Anyways, I want to change the Group Policy, but im afraid that the users that run the scheduled tasks passwords will be forced to change and not run, which would be both a pain and we need the tasks to run.

Is there a way of enforicing strong passwords for users, but leave the system passwords alone?

Thanks

 

[kmcferrin]

Find those accounts in AD, and check the "Password never expires" box. They will still have to meet complexity requirements, but the password will never expire.