RE: active directory password policy

From: Vedran Matica (Vedran.Matica_at_span.hr)
Date: 02/08/05

  • Next message: James Eaton-Lee: "RE: active directory password policy"
    Date: Tue, 8 Feb 2005 09:37:13 +0100
    To: <focus-ms@securityfocus.com>
    
    

    There is a script on Microsoft' Script Center that will help you to list
    when a password expires for a specific user.

    http://www.microsoft.com/technet/scriptcenter/scripts/ad/users/pwds/uspw
    vb08.mspx

    With some scripting knowledge you can modify it so it lists all users
    and even send e-mail to "critical users".

    Best regards,

    Vedran Matica, MCSA

    -----Original Message-----
    From: William Stegman [mailto:stegmanw@comcast.net]
    Sent: Friday, February 04, 2005 11:10 PM
    To: focus-ms@securityfocus.com
    Subject: active directory password policy

    Does anyone have any experience with remote users who do not login to
    the domain on a regular basis or at all, and have a password expiration
    policy in effect? We can't seem to come up with a good plan to handle
    these users. They only occassionally access domain resources such as
    webmail via the Internet or an internal website to do timesheets via
    vpn, and will not have the luxury of logging on to a machine connected
    to our LAN and getting the warning about soon to expire passwords. If
    our policy dictates passwords expire every 90 days, how can we avoid the

    inevitable calls regarding password resets?

    thx

    /William Stegman - Network Administrator///

    TransCore - Hummelstownd

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: James Eaton-Lee: "RE: active directory password policy"

    Relevant Pages

    • Re: [kde] exporting from kmail (Was: Kmail2/Akonadi issue on FreeBSD.)
      ... I handle all my lists thru gmane.org, ... instances of claws for mail and feeds, but I did go to the trouble to ... bailed on kmail & went to claws, and see just how hard it would be to ... running the script for that purpose as available on the claws-mail ...
      (KDE)
    • [Full-Disclosure] Re: [0day] ExploitLabs.com CGI Script Irony (was: Vote Today)
      ... It is also my belief that Donnie Werner's ... For the benefit of the lists, ... Filtering Flaws in ExploitLabs.com CGI Script ... Donnie's script insecurely sanitizes the "host" URI parameter. ...
      (Full-Disclosure)
    • Re: sysconf -- a sysctl(8)-like utility for managing /etc/rc.conf et. al.
      ... For those reasons I am not supportive of adding this to the base at ... | internals of the script would be added to rc.subr so that they could be ... cc'ing multiple FreeBSD lists. ...
      (freebsd-hackers)
    • Re: cp/mv with verify step?
      ... script), so a quick'n'dirty check would be to see if the last argument ... is a directory (in which case you append each source filename in turn) ... for every "target" file. ... Generating the lists *could* be scripted, ...
      (comp.os.linux.misc)
    • Re: checking dns records from named.conf
      ... > I have already modified your script to read named.conf file and parse it ... generated lists to tell me which of the 20 nameservers I'm responsible ... to detect sub-domains of zones we also hold. ... Writing something to keep a single DNS platform neat and tidy is on my ...
      (freebsd-isp)