Steve, John, just noticed your replies.

Steve, the good news is, the service accounts for SQL Server / Agent are controlled at the domain level, and do not expire.

As for the SQL Logins, my employer treats the DOD STIG documents as bibles. The STIG for SQL Server mandates expiring passwords, therefore passwords *must* expire. Sucks, really. Worse, the Oracle passwords are controlled by Oracle, so there's a profile set up to only expire the passwords every 365, but with SQL in a domain, the domain policies apply. Which means every 60 days...

So far, I've not enabled the check password expiration, both because I'm in the midst of migrating DBs to a new server, and because I don't want a sudden mad swarm of angry users...