Re: control local password like IIS does?

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 04/03/05

  • Next message: lelteto: "RE: Use USB-token client certificate" 
    Date: Sun, 03 Apr 2005 08:45:17 -0400

    Check out

    NetUserModalsGet

    This will return data about the local machine and what its password policies
    are. Then you need to make your program adhere to them. The only one you can't
    programmatically determine is password complexity as it can be extended by
    recommendation would be to make passwords > 15 characters and make them
    extremely complex with multiple lowercase, uppercase, special chars, and
    numbers. You should probably also give the admins the ability to manipulate the
    type of passwords generated so that they can specify how long, what types of
    characters, etc that go into it in case you have some policy you hit that
    disallows special characters for instance. I am not sure how that would impact
    the IIS password. It is possible MS is bypassing complexity requirements for
    IIS, but don't expect they are. Even if they are, that doesn't mean you can,
    anything you do will go through the complexity rules.

        joe 

    --
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
EP wrote:
> I have a server application that creates it's own local anonymous user and
> must control it's password so it can log in as that user.
> 
> This works fine, I have the server generate a new password each time it
> starts up and use that new password to log in and get user tokens.
> 
> A problem arises when the software is installed on systems that have
> password requirements.  Since these can be so different,
> 
>     1) is there a way to have windows generate a random password based on
> it's current password rules?
>     2) how does IIS control it's IUSER_ABCD account's password?
> 
> I suppose I have to adhere to
>     * password length/character requirements
>     * password expiration (must change it some time)
>     * password change rules (can't change it more than X times in Y days,
> etc)
> 
> Any help is appreciated.
> 
>
  • Next message: lelteto: "RE: Use USB-token client certificate"

    Relevant Pages

    • Re: Exchange Replication and Failover
      ... I should have emphasized "add" in the phrase "add" complexity. ... and switch over with renaming the server name etc.etc.etc. ... the live server, which is where the problem comes in. ... >What you just described is EXACTLY what a cluster can do ...
      (microsoft.public.exchange.design)
    • Re: Ive thought better of Linux
      ... what huge amounts of work does a mail server do? ... would fail in odd ways in this sceario and would bounce deliverable ... UH> immense inherent complexity of the application domain? ...
      (comp.lang.lisp)
    • Re: Problem after setting password policy
      ... "Bob" wrote in message ... I recently changed the password policy on our server by going to ... I have now enabled "password must meet complexity requirements". ... No matter how complex the password is, the server always complains that the password does not meet the requirements. ...
      (microsoft.public.inetserver.iis.security)
    • Re: ASP.NET: Fundementally Flawed Architecture
      ... Writing an Http Server from scratch? ... Nope, not kidding. ... There are plenty of 3rd party tcp-ip delphi socket servers in the community, so there is no need for you to roll you own from scratch. ... I could of course use most other DB products as db back-end with no real impact in the size of complexity of code in the webserver. ...
      (borland.public.delphi.non-technical)
    • Quantcast