Hello All, we have started to testing the SCCM and OOB and our security guys catch us that the Configuration manager is making computer objects in AD with non expiring password. So i want to ask you if it is possible to change this option and still be able to use the SCCM OOB Management for its purpose? Thanks in advance. With best regards, Kindim

Yes. You can manually disable the never expired password option on OOB computer account but no such option is provided in sccm. There is a specific maintenance task for maintaining the AMT password periodically in SCCM.Configuration Manager China R&D Bloghttp://blogs.technet.com/msdchina/

Hello Jerryliu, thanks for your reply. I want to ask you, if it is possible SCCM to create this computer objects in AD not as CN=Person, but as CN=Computer. This way they will not appear in the reports for the user accounts which has non expiring password. Reagrds, Kindim

There is also no such option. For your report, it's possible for you to filter out the OU of AMT account.Configuration Manager China R&D Bloghttp://blogs.technet.com/msdchina/

Hello Jerryliu, thanks for your quick answer. I will inform the security guys with this information. Hopefully this will be enough for them. With best regards, Kindim