How to change Maximum Password Age through GPO

[shirzay]

My server comes up with a message your password will expire in so many days would you like to change your password, after every 42 days. But I want to keep the same password. to acheive that I opened the GPO and under Password Policies I clicked on Maximum Password Age to disable it but it is grayed out and does not allow me to change anything. It must be something very simple please let me know how to disable the maximum password age through GPO.
THANKS

[mrforgetful]

You will find policies for this here:

Computer Config > Windows Settings > Security Settings > Account Policies > Password Policy

[elsiegee40]

Do you want to do this for everyone, or just you?

In Active Directory, find your user; right click and go to properties; select the account tab and check "Password never expires"... that applies regardles of Group Policy

[Andie]

You will find policies for this here:

Computer Config > Windows Settings > Security Settings > Account Policies > Password Policy

I think @shirzay knows where to find it, but is saying it is grayed out and he can't change it. I have just checked my domain policy and I can edit it fine - no graying out. But I don't know enough about GPOs and their interdependencies to know why a GPOs setting would be grayed out. Perhaps there is another GPO higher up that overules the one @shirzay is trying to edit???

[mrforgetful]

Oh yeh sorry, see this is why I have to read every word and can't skim through like most people!

I've no idea why a policy would be grayed out. It would not matter if there was a setting higher up negating the option in a policy lower down, one would just get overridden.

[strawberry]

are you using an administrator account?

[PinkLed5]

If you want to change the password requirements (such as password age and complexity) for all users you do so through Administrative Tools. Look for Domain Security Policy and then Account Policies and then Password Policies. You should be able to make the changes from here and they will be reflected when you view them in the Group Policy window.

My server comes up with a message your password will expire in so many days would you like to change your password, after every 42 days. But I want to keep the same password. to acheive that I opened the GPO and under Password Policies I clicked on Maximum Password Age to disable it but it is grayed out and does not allow me to change anything. It must be something very simple please let me know how to disable the maximum password age through GPO.
THANKS

[Jobos]

Further to this. How do I enforce password age just for users in an OU? As I just want staff to change their passwords and not students who are in a different OU.

[mrforgetful]

It's a machine setting, you could try using Loopback Processing but I'm not sure it will work very well.

[Andie]

Further to this. How do I enforce password age just for users in an OU? As I just want staff to change their passwords and not students who are in a different OU.

Create separate policies for the different user groups (you may already have these - eg. Student Policy, Teacher policy, etc.), put the setting for password age in these, link the policies to the relevant OUs, then remove password age from the domain policy? Someone more experienced than me should be able to confirm this or tell you if I'm speaking rubbish!

[stormrider]

Do you want to do this for everyone, or just you?

In Active Directory, find your user; right click and go to properties; select the account tab and check "Password never expires"... that applies regardles of Group Policy

this guy is right i tried it and it worked do this.
are you on a domain because domain setting override local settings.
so your users or the users of the domain don't have there own settings
on your domain.

if not then sorry then its something else but that works if your on a domain

[powdarrmonkey]

Create separate policies for the different user groups (you may already have these - eg. Student Policy, Teacher policy, etc.), put the setting for password age in these, link the policies to the relevant OUs, then remove password age from the domain policy? Someone more experienced than me should be able to confirm this or tell you if I'm speaking rubbish!

No, password policies are an exception to this unless you're using Server 2008. Anything else can only have one password policy per domain.

[Gatt]

You can have granular Password Policies (Ie Different OU's have different password Policies) with Windows 2008 IIRC..

[john]

Sorry to dig this one up, but has anyone actually got the separate 2008 Password Policies working? I'm trying to set my staff to change every 30 days (to meet LEA policy and my new AUP which was based on the LEA guidelines), and then want to have students at every 90 days (more due to us being short staffed so it will reduce the forgotten password calls about students). I've tried in a few places on 2008 to set them separate but no joy it only looks at the domain one, which I've set to 0 days etc thinking that would get over-ridden by the individual ones. I've enforced the policy but still no difference.

Any thoughts, google seems to be throwing blanks and useless-ness at me and I dind't find anything coming up on here apart from lots of us saying its possible.