Domain member: Maximum machine account password age

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Domain member: Maximum machine account password age


This security setting determines how often a domain member will attempt to change its computer account password.

Default: 30 days.

Configuring this security setting

You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.


  • This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.

For more information, see: