Implications when letting people reset passwords over the Internet

From: Magoo (nospammagoo_at_hotmail.com)
Date: 03/27/05

    Date: Sun, 27 Mar 2005 10:55:07 -0800
    
    

    Imagine my organization has 15,000+ Windows 2003 AD accounts.
    I have a single Domain, Single Forest.

    I am planning to hire some folks to build ASP.NET code that would let
    people confirm identity and from there get passwords reset.
    I would make the URL available on the Internet, published via ISA 2004 (ISA
    box is in the DMZ).
    The account able to reset passwords in AD would have the necessary rights to
    reset passwords only.

    Question is this:

    What are the security implications when implementing such a system? Please
    advise.

