Our auditors are objecting to our having Domain Administrator and domain system accounts with passwords that never expire.
Yes, we change some of these passwords from time to time, but they’re normally set to never expire.
We are wondering about how other companies do it, since we’ve never heard of any IT Dept. that had such a policy, and we think the auditors are being
unreasonable — forcing password expiration on such accounts could be a logistical nightmare as it would cause critical services to stop running.
We’re not that big, but we do have about 30 servers and 200 users to support. There’s only 1 Win2K domain, with Exchange 2K, SQL and other
resource servers.
Please post your experiences and opinions.
Thanks.
