Re: Security Alert: Windows 2000 Expired Password Vulnerability

From: Steven L Umbach (n9rou_at_nscomcast.net)
Date: 06/06/04 

Date: Sun, 06 Jun 2004 20:41:35 GMT

I have never seen a password expire for a windows user account where there
was no maximum password age. You might check your policy again. Domain
policy for domain users is set at the domain level and for local users can
be set at the local or OU level. Net accounts will show password policy on a
particular computer or for the domain on a domain controller and for an
individual user use net user username to check and see if the password has
actually expired. You can also configure domain or local accounts to have
their password never expire in the account properties.

I am not familiar with Norton vpn client but with the built in W2K/XP Pro
client I believe you can change domain password if you select the option to
logon to the domain in the vpn connectoid. You may want to contact Norton to
see how to work around expired domain passwords when you logon with cached
credentials. I don't understand what you consider a vulnerability with W2K.
Were you able to compromise the domain somehow?? -- Steve

"Maha" <mcnegi@hotmail.com> wrote in message
news:189fa01c44bb7$815a8cb0$a301280a@phx.gbl...
> We have remote user using NORTON VPN client to connect
> network. Some user are facing problem when they tried to
> connecct exchange server through outlook.
> Getting msg your password expire.
>
> There is no password policy applied.
>
> User is able to login off line with cach account to domain.
> After connected VPN open up outlook
> Normally it does't ask to enter username, password, domain.
> Now it is asking enter username password domian
> after entred password msg says your password is expire.
> Is ther any patch available for this issue?
> when user tried to login locallyby chnaging log on to this
> computer then after suddanly user can not even logon off
> line to domain with cach accoutnt?
>
> Can anyone help on this issue pls
>
> OS winows 2000 prof
> Domain win2k
>

Relevant Pages

  • Re: Password expires for no apparent reason
    ... Sorry to be vague Harj. ... But - I want the passwords to never expire. ... policy that has set the values to what you see below meaning that users ... As Harj said Account lockouts could potentially be a problem as perhaps ...
    (microsoft.public.windows.server.active_directory)
  • Re: PwdLastSet
    ... If an account isn't expiring it is one of a few things ... The account is personally configured not to expire ... policy as the rest of the domain because something is broken. ... Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.win2000.active_directory)
  • Re: Password Mgmt
    ... There are 3 policies implemented by the shadow file (and/or NIS+). ... Policy 1: Password Aging (lastchg, min, max, warn} ... the expire field perform very distinct functions that are in no way related. ... The account should be disabled after a week so that it can not ...
    (Focus-SUN)
  • Re: net User command
    ... which don't expire ... ... > The password expiry date is not a property of each account; ... > it is set by the system, according to the policy currently in force. ... >>> Jerold Schulman ...
    (microsoft.public.windows.server.general)
  • Re: GPO causing client security logs to fill?
    ... a virus in play. ... settings to be applied on your client workstations. ... Group Policy is a complex and often misunderstood beast. ... I modified the account ...
    (microsoft.public.windows.server.sbs)