Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Keep administrator account out of group policies

Status
Not open for further replies.

mquinn0908

Technical User
Jul 3, 2002
335
US
I have a new 2003 domain and we are preparing to implement group polices especially regarding passwords and I was wondering if the administrator account is included in these or if it excluded. If the administrator account is included in the group policies is there anyway to make sure it is not. I do not want my adminstrator account to have password policies associated with it as I don't want polcies to dictate passwords for this account and I especially I don't want this account to get locked out. Thank you.

Mandy
MCP/A+/Network+
 
Set the account to password never expires?

You typically can't lock out an Administrator account.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
Open the properties for the Group Policy and click the Security tab. Find the administrator group you do not want the policy to effect or add the group to the policy and select the Deny check box for the Apply Group Policy permission.

Joey
A+, Network +, MCP
 
We've just got an OU unit called 'Admin' and have the adminstrator and a few other accounts in there.

In that OU's group policy settings just enable the 'block inheritance' and select the 'No-overide' option (this prevents any other policy overriding this one).
 
As a general rule you can exclude any particular user or group by blocking inheritance or checking the "Deny" box next to "Apply group policy" for that user (on the Security page of the GPO). However, the password policy can only be set in the Default Domain Policy at the root of the domain, and it applies to all domain users, including admins.
 
Also, if you find that you're having to DENY users in a lot of policies, it's time to rethink how you're structured. Setting individual rights on policies increases processing time.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top