Why does W2k allow blank passwords even with GPO configured?
From: sd_wireless@yahoo.comDate: 09/25/02
- Previous message: bhavani.suresh: "RE: I'm falling my hairs with this domain gpo problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 25 Sep 2002 14:35:56 -0000 From: <sd_wireless@yahoo.com> To: focus-ms@securityfocus.com('binary' encoding is not supported, stored as-is)
We have a Domain GPO set that requires at least 8 characters in a
password, keeps a password history of 24 passwords to prevent password re-
use, and requires at least one day between password changes to prevent
someone from cycling through passwords and coming back around to the one
they were using. However, on accounts that existed before the GPO was
applied these restrictions are only partially taking affect.
For example, on any of these pre-GPO accounts, I can set a blank
password). Even though I can set a blank password I cannot set a password
with 1-7 characters. The password must either be blank or at least 8
characters. This occurs both from the Active Directory Users and Computer
MMC, and if a user does a CTRL-ALT-DEL and selects "Change Password".
For users that are created after the GPO exists, I cannot assign a blank
password. Obviously the GPO is applying or any password less than 8
characters would work. Still, since I have set a minimum at 8, why does it
let me set a blank password?
- Previous message: bhavani.suresh: "RE: I'm falling my hairs with this domain gpo problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
