Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Keep administrator account out of group policies

Status
Not open for further replies.
mquinn0908

mquinn0908

Technical User
Jul 3, 2002
335
US
I have a new 2003 domain and we are preparing to implement group polices especially regarding passwords and I was wondering if the administrator account is included in these or if it excluded. If the administrator account is included in the group policies is there anyway to make sure it is not. I do not want my adminstrator account to have password policies associated with it as I don't want polcies to dictate passwords for this account and I especially I don't want this account to get locked out. Thank you.

Mandy
MCP/A+/Network+
 
Sort by date Sort by votes
Set the account to password never expires?

You typically can't lock out an Administrator account.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
Upvote 0 Downvote
Open the properties for the Group Policy and click the Security tab. Find the administrator group you do not want the policy to effect or add the group to the policy and select the Deny check box for the Apply Group Policy permission.

Joey
A+, Network +, MCP
 
Upvote 0 Downvote
We've just got an OU unit called 'Admin' and have the adminstrator and a few other accounts in there.

In that OU's group policy settings just enable the 'block inheritance' and select the 'No-overide' option (this prevents any other policy overriding this one).
 
Upvote 0 Downvote
As a general rule you can exclude any particular user or group by blocking inheritance or checking the "Deny" box next to "Apply group policy" for that user (on the Security page of the GPO). However, the password policy can only be set in the Default Domain Policy at the root of the domain, and it applies to all domain users, including admins.
 
Upvote 0 Downvote
Also, if you find that you're having to DENY users in a lot of policies, it's time to rethink how you're structured. Setting individual rights on policies increases processing time.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
308
DrB0b
DrB0b
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
382
goombawaho
goombawaho
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
449
gbaughma
gbaughma
James281
  • Locked
  • Question
Enrolment agent (enrol on behalf of) stopped working
Replies
1
Views
108
mikehook
mikehook
Scparks
  • Locked
  • Question
Trouble with setting up a SMTP Relay to Office 365
Replies
0
Views
103
Scparks
Scparks

Part and Inventory Search

Sponsor

Back
Top