| trad3rj03 -> Maximum Password Age (Nov. 10, '05, 11:26:53 AM) |
Symantec's ESM product is showing invalid maximum password age. The maximum password age for expiring (user accounts) is supposed to be 90 days. However, non-expiring accounts obviously do not need to have an expiration date. I have a scenario where a mixture of these (generic and user) accounts are not configured with the max password age. Obviously, the generics if given a maximum password age will become expiring accounts so for now they are out of scope. However for the multitude of accounts that are user owned, the policy needs to be implemented to assure that they all are expiring after 90 days or need a password reset. Problem is that there are about 2000 or so accounts on a multitude of servers. So I was hoping to make the global configuration change to the server, to automatically set the user accounts to implicitly use the default configuration in the event upon initial configuration they were not given a maximum password age. The subsequent problem will be the fact that generics will automatically also become expring accounts. Is there a way to do a global change only for user accounts and not generics? Looking at the Admintool GUI for user administration, the way the generics appear to be configured is basically by leaving the configuration information blank for (Min change, max change, max inactive, expiration date, and warning). Is there a way to explicitly configure generics to be non-expiring without leaving these fields blank? Thanks. |
|
|
|