Re: User account - password attribute ?
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Wed, 22 Feb 2006 21:38:12 -0700
I think your issue is with passwords that were set before the
policy on password strength was defined to be in force.
To get the old non-compliant passwords use a password
expiration and so after one pass through the expiration time
all account will have needed to reset their passwords, at which
time the policy will be enforced on them.
It is not my experience that an admin can set a password
that fails to meet the policy.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
<John> wrote in message news:1s0nv1h88gfm4uufiqpgsdgjnen3n7p5tj@xxxxxxxxxx
Hi
A security audit in company states that a large amount of users are
allowed to use weak/zero passwords.
The domain policy setting says that weak/zero password isn't allowed!
Domain controllers : w2k3 and w2k
Here is the clue:
A closer look shows that a "weak/zero password user" can't make a weak
password by them self.
But an administrator CAN do it, by reseting the password. Have tried
that.
It seems to be users who have been auto-created / migrated who have
this "weak/zero password" possibility (old users - created for some
years ago).
On a newly created user couldn't even the administrator make a
weak/zero password for the user. This is normal.
Want to stop the possibility for setting weak/zero passwords by
helpdesk and administrator peoples.
Any idea about which user attribute to look for or ideas to solve this
behavior ?
Regards
John
.
- References:
- User account - password attribute ?
- From: John
- User account - password attribute ?
- Prev by Date: Re: CTRL-ALT-DEL SCREEN VANISHES
- Next by Date: Re: CTRL-ALT-DEL SCREEN VANISHES
- Previous by thread: User account - password attribute ?
- Next by thread: Setting up IIS 6.0 tutorial
- Index(es):
Relevant Pages
|
