I recently installed Exchange 5.5 SP3 on my company’s network. I’ve been testing it for the last month and have a serious security problem. In order for a client (which is Outlook 2000) to connect to Exchange, the user must have his password set to “password never expires”. If I do not mark this in User Manager for Domains, then the user cannot connect. So, now I have to set the users password and they cannot change it. We do have a Policy on Password Expiration set on the server, but it is set to not expire for 45 days and the Exchange server has only been up for 25 days. I am actually having this problem when I first create the user (in NT and Exchange) and set up Outlook for the first time for the user. I have to set them to “password never expires” before they can ever connect at all. I found this out only because I set mine and the other administrator with password never expires and then our accounts worked, so for now,I set our users up that way as well. Any suggestions as to how I can fix this
