Re: Security hierarchy

From: Peter K. (pmkdatabase@yahoo.ca)
Date: 04/20/03 

From: Peter K. <pmkdatabase@yahoo.ca>
Date: Sun, 20 Apr 2003 08:43:09 +0700

Hi Steve,

OK - last night I managed to reset the password policy.

I had to boot into DS restore mode in order to be able to access the
secedit.sdb file (I'll leave that for another thread). I had first
created another sdb file. I imported the setup security.inf template
to it. After booting in DS restore mode, I copied my new security file
to secedit.sdb.

Thanks, everyone,

Peter

On Mon, 14 Apr 2003 03:46:49 GMT, "Steven L Umbach" <n9rou@attbi.com>
wrote:

> Hmm!? I tried it out on my test network today. Set domain policy to
>complex passwords enabled. New users had to have complex passwords. Then I
>set domain policy to be disabled, used secedit refresh and was able to add
>users with simple passwords again. Effective local policy reflected what was
>set at domain level. Look in event viewer for any clues of a problem. You
>might want to try to reset your local security policy. I would also suggest
>running dcdiag first on the domain controller to see what it reports while
>logged on as a domain administrator. It is located on cdrom in support/tools
>folder where you will need to run the setup program there. -- Steve
>
>http://www.jsiinc.com/SUBL/tip5500/rh5571.htm
>http://www.jsiinc.com/subf/tip2700/rh2740.htm
>
>"Peter K." <pmkdatabase@yahoo.ca> wrote in message
>news:o28k9v0ssler1nciu40djvg3a4hcoaj5k1@4ax.com...
>> Steven and Joe,
>>
>> I have tried all the suggestions plus a new top GPO at domain level
>> and other combos as well. I can't get rid of the requirement for a
>> complex password - I give up.
>>
>> BTW, I found a post by Svyatoslav Pidgorny stating that security
>> polices are domain level only
>>
>(http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&frame=ri
>ght&th=56ae7e30dcc1f1f0&seekm=u30XBWvCCHA.2096%40tkmsftngp04#link4)
>> but tried all the combos with DC and local settings also.
>>
>> I also found this in the KB (279890) - kind of bizarre, as it refers
>> to an option that as far as I can see does not exist - "I will specify
>> user's password".
>>
>> Thanks a lot for the input - greatly appreciated.
>>
>> Peter
>>

Peter

Relevant Pages

  • Re: password policy
    ... You have to disable or change the policy at the domain level for domain ... Never "undefine" a password policy setting. ... > prompted every 180 days to change their passwords. ...
    (microsoft.public.win2000.group_policy)
  • password policy
    ... I enabled a group policy to force users to change their passwords every 180 ... Management asked me to disable the policy so I did. ... the OU level and at the domain level. ...
    (microsoft.public.win2000.group_policy)
  • Re: password policy
    ... > There is not an option to disable the policy. ... >>> prompted every 180 days to change their passwords. ... >>> the OU level and at the domain level. ... >>> alexo ...
    (microsoft.public.win2000.group_policy)
  • Re: Locking down database accounts
    ... Personally it sounds to me that your company has established a policy and is ... But bottom line if you have to use SQL Server logins and passwords, ... Whether it's an encrypted flat file or an encrypted XML file, ...
    (microsoft.public.sqlserver.security)
  • RE: policy-based password cracker
    ... that required at least one upper, one lower and one number in all passwords. ... password checks can be eliminated due to the policy. ... Since the vast majority of the time for a brute-force attack is ... most brute-force attacks are very fast. ...
    (Pen-Test)