I am asking about the krbtgt password in Active Directory, which is used to encrypt tickets issued by the KDC. What I know is that this krbtgt account has a security issue in that its password is rarely changed, but when I run net user krbtgt /domain I found that its password expires after 45 days. I wonder whether this policy changed recently, and what is the default password expiration date for this account in Windows 2016 and 2012?

1 Answer

Password expiration only applies to accounts that log on. The krbtgt account is disabled and does not log on, so password expiration would not apply.

If you want to change the password, which you should do periodically, you can do it using AD Users and Computers. The actual password you supply will not be used as AD assigns a random password to the account. The password also needs to be changed twice, with the second password change occurring the following day.

More information:

https://support.microsoft.com/en-us/help/2549833/changing-the-krbtgt-password-may-fail-when-a-custom-password-filter-is

https://adsecurity.org/?p=1441

Greg Askew
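
A read-only check related to the answer above, as an added example that is not part of the original answer: it reports the krbtgt password age and whether the most recent change has reached every domain controller, which is worth confirming before the second change. The 180-day threshold is an assumption chosen for illustration (the answer only says "periodically"); the cmdlets come from the ActiveDirectory RSAT module.

```powershell
# Added example: read-only audit of the krbtgt password. Changes nothing in AD.
Import-Module ActiveDirectory

# Assumption: rotation interval picked for illustration only.
$MaxAgeDays = 180

$krbtgt = Get-ADUser -Identity krbtgt `
    -Properties PasswordLastSet, Enabled, 'msDS-KeyVersionNumber'
$ageDays = [int]((Get-Date) - $krbtgt.PasswordLastSet).TotalDays

# Ask each domain controller for its replication metadata on the password
# attribute. Matching versions mean the last change has replicated everywhere.
$perDc = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $meta = Get-ADReplicationAttributeMetadata `
            -Object $krbtgt.DistinguishedName `
            -Server $dc.HostName -Properties unicodePwd -ErrorAction Stop
        [pscustomobject]@{
            DomainController = $dc.HostName
            PasswordVersion  = $meta.Version
            LastChanged      = $meta.LastOriginatingChangeTime
        }
    } catch {
        # An unreachable DC is reported rather than silently skipped.
        [pscustomobject]@{
            DomainController = $dc.HostName
            PasswordVersion  = $null
            LastChanged      = $null
        }
    }
}

# Summary: account state, password age, and replication consistency.
[pscustomobject]@{
    Account         = $krbtgt.SamAccountName
    Enabled         = $krbtgt.Enabled
    PasswordLastSet = $krbtgt.PasswordLastSet
    AgeDays         = $ageDays
    KeyVersion      = $krbtgt.'msDS-KeyVersionNumber'
    RotationDue     = $ageDays -gt $MaxAgeDays
    ReplicatedToAll = @($perDc.PasswordVersion | Sort-Object -Unique).Count -eq 1
}
$perDc | Format-Table -AutoSize
```

`PasswordLastSet` here is the actual last change time, independent of the expiry date that `net user` prints.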