Re: user default password checking tool



Machiavel,
That is a good question. I am not sure that it will raise the bad login count. The function is not logging in it is changing the password.
I will have to check this out.
Terry

---------------------------------------------------------------------------
Terry Lowery - tlowery@xxxxxxxxxxxxxxxx
Systems Engineer - Swift Systems, Inc.
Your True Technology Partner
www.SwiftSystems.com
Toll Free : 877-Swift-Si
Local : 301-682-5100
Fax : 301-682-5082

- Hosting and Collocation
- Broadband Internet Access for Business
- Network Engineering and Support Services
--------------------------------------------------------------------------



Machiavel wrote:
Terry,

Nice script idea but one question, if you choosed to block the account
after let's say 3 unseccesful attempts, is your script going to count
as one attempt ??


Thanks


On 9/25/06, Terry Lowery <tlowery@xxxxxxxxxxxxxxxx> wrote:
I wrote a vb script a while back that set users password to what I
wanted it to be and set the user must change password flag.
I changed the password to the current default password that way they
could still log in with out my support but they had to change the
password to something else.
The function I used to change the password required the current user
password to be correct.

Here is how it worked:
-Change the password
current password "name123"
new password "name123"
-If this is successful than set the user must change password flag.

-If the change password failed then move on to the next account.

The way this would work in this situation would be to run the change
password function using the password you setup as default for the user
and instead of setting the password must be change flag just log the
user name to a file.

If you are interested in the script email me and I will see if I can dig
it up.





Alexander Bolante wrote:
> Josh's suggestion is good for you to note when creating "future" AD
> accounts.
>
> For your immediate need, that is, determining whether "current" AD
> users have changed their password from the default 'name123' you have
> a few options. I've used the following in the past and ran these
> scripts on one of the DCs. Of course, you'll need to decide what
> impact/risks are involved with running it, when to run it, etc. but
> they're minimal and shouldn't impact performance too much because
> they're just reads. It obviously depends on your network, # of
> accounts to scan, etc.
>
> Here are the links:
>
> http://www.microsoft.com/technet/scriptcenter/resources/qanda/jul05/hey0705.mspx

>
> http://www.rlmueller.net/PwdLastChanged.htm
>
> Wordsmith the scripts from the sites above and run a few tests to get
> the results you want e.g. you may want to do only 10 reads.
>
> Good luck and let us know how it goes.
>
> Cheers!
> Alexander
>
> On 9/22/06, Josh Parker <josh.g.parker@xxxxxxxxx> wrote:
>> If you are in an Windows 2003/2000 domain enviroment, you can simply
>> setup option on the acount to Force a user to change there password
>> upon the next login. To keep the user from using the same password,
>> you can set Password History to remember the last password, (the last
>> 3 passwords is a good recomendation) You can also set it to require
>> complex passwords when they change there password. You can also set
>> the password age, so they have to change it after a sertain amount of
>> days.
>>
>> Hope that helps
>>
>> JOsh
>>
>> On 9/14/06, vijay shetti <vijay.shetti@xxxxxxxxx> wrote:
>> > hello all!!
>> >
>> > In my company when we create a new user he is given an initial
>> > password.But then he is told to change the password.The password is
>> > initial of the employee name followed by 123..
>> > for vijay shetti it willl be vs123...
>> >
>> > We have a domain based environment.I want to check now how many users
>> > have not changed their initial password using some tool that gives me
>> > list of usernames whose password has 123 in the end.
>> >
>> >
>> > We follow the same procedure for creating outlook mail password.If
>> > there is any tool/script that also helps me find out this then it will
>> > greatly help me.
>> >
>> >
>> > Waiting for your reply,
>> > Pavan.
>> >
>> >
>> ---------------------------------------------------------------------------

>>
>> > This list is sponsored by: Norwich University
>> >
>> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
>> > The NSA has designated Norwich University a center of Academic
>> Excellence
>> > in Information Security. Our program offers unparalleled Infosec
>> management
>> > education and the case study affords you unmatched consulting
>> experience.
>> > Using interactive e-Learning technology, you can earn this esteemed
>> degree,
>> > without disrupting your career or home life.
>> >
>> > http://www.msia.norwich.edu/secfocus
>> >
>> ---------------------------------------------------------------------------

>>
>> >
>> >
>>
>> ---------------------------------------------------------------------------

>>
>> This list is sponsored by: Norwich University
>>
>> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
>> The NSA has designated Norwich University a center of Academic
>> Excellence
>> in Information Security. Our program offers unparalleled Infosec
>> management
>> education and the case study affords you unmatched consulting
>> experience.
>> Using interactive e-Learning technology, you can earn this esteemed
>> degree,
>> without disrupting your career or home life.
>>
>> http://www.msia.norwich.edu/secfocus
>> ---------------------------------------------------------------------------

>>
>>
>>
>
>


---------------------------------------------------------------------------

This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------





---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------