Re: Problem with password local security policy

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 11/18/05

  • Next message: Steven L Umbach: "Re: Access Problems" 
    Date: Fri, 18 Nov 2005 12:11:24 -0600

    On third thought disabling access to control.exe would be a viable solution
    to prevent use of control userpasswords. I am having a rough start to the
    day. I usually test out such recommendations and what I mistakenly did was
    add control.exe to the list of "run only allowed Windows applications" and
    I was wondering why nothing seemed to work! Well I remedied that and all is
    well now since I added it to the "don't run specified Windows applications"
    list and undefined the run only allowed Windows applications list. Sorry
    for the confusion. --- Steve

    "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
    news:%23jG$3kG7FHA.736@TK2MSFTNGP09.phx.gbl...
    > On second thought scratch that idea as it probably will interfere with
    > other functionality on the computer. You could however use something like
    > fiilemon which is free from SysInternals to try and track down an
    > executable/file that can be modified or removed from the computer that
    > will prevent the user from using that. --- Steve
    >
    >
    > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    > news:wYWdnav2Ao03jOPeRVn-hg@comcast.com...
    >> In such case you could change the ntfs permissions on control.exe or add
    >> it to the blacklisted applications in Group Policy under user
    >> configuration/administrative templates/system - don't run specified
    >> Windows applications. --- Steve
    >>
    >>
    >> "kasommer" <kasommer@discussions.microsoft.com> wrote in message
    >> news:31CF17E1-4746-4A7C-BA0B-83CA4E7D9CB9@microsoft.com...
    >>> Same thing described in this thread that I started..
    >>>
    >>> http://www.microsoft.com/windowsxp/expertzone/newsgroups/reader.mspx?dg=microsoft.public.win2000.security&tid=fa69fa9f-9ab9-4992-834a-e7d3d4327adc&p=1
    >>>
    >>> I'm guessing the only answer is to not allow access to that control
    >>> panel
    >>> applet. Even then it can still be invoked by "control userpasswords"
    >>>
    >>>
    >>>
    >>>
    >>> "GSelser" wrote:
    >>>
    >>>> At my company we have several systems that are stand alone windows 2000
    >>>> pro
    >>>> workstations. We have the local security policy set so that you have to
    >>>> put a
    >>>> password in that is 9 characters long. If you go to local user and
    >>>> groups and
    >>>> create a new user, it will not finish or complete if you do not assign
    >>>> a
    >>>> password that is a least 9 characters long.
    >>>> We found today that if you open the user and password applet in the
    >>>> control
    >>>> panel and click add under the user tab and go through the new user
    >>>> wizard, it
    >>>> will allow you to assign a blank password. This can only be done if the
    >>>> account is created by a administrator.
    >>>> What I need to know is why does it allow it when you use the applet and
    >>>> not
    >>>> when you use the local user and groups interface and is there a way to
    >>>> disable or set it so that you cannot easliy create a new user with no
    >>>> password.
    >>>> These systems are for use in a closed environment and the company does
    >>>> not
    >>>> like that you can so easily create a blank password account.
    >>>> Any suggestions will be appreciated.
    >>>> Thanks
    >>>> Glenn
    >>
    >>
    >
    >

  • Next message: Steven L Umbach: "Re: Access Problems"