How to prevent a user from changing the domain password on a specific computer?

A

Adel1ne2015-06-02 09:33:56

System administration

Adel1ne, 2015-06-02 09:33:56

Hello!
Domain users are required to change their password every 45 days. Users often connect to different terminals and it happens that they are prompted to change their password when logging into the terminal, especially when the validity period has already expired.
The bottom line is that this conflicts with our security system (eToken), which is not on the terminals, and when changing the password on the terminal, problems arise with this very protection.
In short, the question is, how can you prohibit changing the domain password on a specific machine (terminal). Is it real at all? On terminals stand Win Server 2008 R2.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sergey, 2015-06-02
@bk0011m

You have a domain!
Move this computer to a separate OU and create an individual policy for it

A

Adel1ne, 2015-06-02
@Adel1ne

You can't, we don't manage the domain.

V

Vitaly Pukhov, 2015-06-02
@Neuroware

I advise you to do as Sergei advised , this is a more correct decision in every sense. Terminals should have a separate domain with their own security policies.