User account - password attribute ?

Hi

A security audit in company states that a large amount of users are
allowed to use weak/zero passwords.

The domain policy setting says that weak/zero password isn't allowed!

Domain controllers : w2k3 and w2k

Here is the clue:
A closer look shows that a "weak/zero password user" can't make a weak
password by them self.
But an administrator CAN do it, by reseting the password. Have tried
that.

It seems to be users who have been auto-created / migrated who have
this "weak/zero password" possibility (old users - created for some
years ago).

On a newly created user couldn't even the administrator make a
weak/zero password for the user. This is normal.

Want to stop the possibility for setting weak/zero passwords by
helpdesk and administrator peoples.

Any idea about which user attribute to look for or ideas to solve this
behavior ?

Regards
John
.

Relevant Pages

  • Re: User account - password attribute ?
    ... policy on password strength was defined to be in force. ... The domain policy setting says that weak/zero password isn't allowed! ... A closer look shows that a "weak/zero password user" can't make a weak ... But an administrator CAN do it, ...
    (microsoft.public.windows.server.security)
  • Password policy & userAccountControl ?
    ... A security audit in company states that a large amount of users are ... The domain policy setting says that weak/zero password isn't allowed! ... A closer look shows that a "weak/zero password user" can't make a weak ...
    (microsoft.public.windows.server.active_directory)
  • User password attribute?
    ... A security audit in company states that a large amount of users are ... The domain policy setting says that weak/zero password isn't allowed! ... But an administrator CAN do it, ... Want to stop the possibility for setting weak/zero passwords by ...
    (microsoft.public.windows.server.general)