Re: User Password Security

From: "ChuckN" <Chuck@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 25 Feb 2008 10:44:21 -0600

Thanks Al. That Article clears up what is happening. I certainly have no objection to it. It is nice to know that it is a standard activity of AD and not some unwanted external activity.

"Al Dunbar" <AlanDrub@xxxxxxxxxxxxxxxxxxx> wrote in message news:ewxSDXxdIHA.4260@xxxxxxxxxxxxxxxxxxxxxxx

<fatcity@xxxxxxxxx> wrote in message news:8d6c18d5-5c71-450f-b687-a77d3d723581@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Feb 19, 12:28 pm, "ChuckN" <Ch...@xxxxxxxxxxxxxxxxxxxxxx> wrote:
We have a W2K3 Enterprise server as our DC. In event viewer, I noticed
several similar events under security that I don't understand.

With event ID 646, a Computer Account Change is announced. Based on the
time stamp, it indicates that the User Password was Last Set at the same
time as the event. The User is listed as NT AUTHORITY\ANONYMOUS LOGON.
Under the description, an internal target account is listed.

I assume this is an automatic activity since it is not being initiated by
anyone. Initially, I thought it might be someone getting into our system
and somehow accessing or changing passwords. That does not seem to be the
case.

Any info would be appreciated.

I'd like to know some info about this event as well. I've done some
reading about this and from what I gather it is a normal occurance for
the machine passwords to be changed by AD. One person posted that it
happens every 30 days although I can't verify this. Any additional
info is GREATLY appreciated!!!!

===> Account passwords for domain omputers *are* changed on a regular basis. I have heard the 30 days, but I have also heard of this being every seven days, which appears to be the case in our network - perhaps it is a configurable setting. This knowledgebase article seems to imply that it was 7 days for NT domains, and 30 for 2k and 2k3:

http://support.microsoft.com/kb/175468

it also explains how this can be prevented, however, I do not quite see what the percieved problem is with the passwords changing - unless there is some security vulnerability in the related communications that take place.

/Al

References:
- User Password Security
  - From: ChuckN
- Re: User Password Security
  - From: fatcity

Prev by Date: Re: How can admin not have access to certain shares?
Next by Date: Re: Deploying Active Directory Users and Computers?
Previous by thread: Re: User Password Security
Next by thread: can I connect to an external server using a local account?
Index(es):
- Date
- Thread

Relevant Pages

RE: Setting password GPOs
... If you find only a few clients are prompted for changing passwords, ... policies may not have been applied to the other users. ... Microsoft Online Partner Support ...
(microsoft.public.windows.server.sbs)
pam_ldap and passwd
... except for changing passwords: ... passwd: Sorry, `passwd' can only change passwords for local or NIS users. ...
(freebsd-current)
Re: pam_ldap and passwd
... > fine except for changing passwords: ... > passwd: Sorry, `passwd' can only change passwords for local or NIS ...
(freebsd-current)
Macintosh users and changing passwords via OWA on E2K3
... We are using forms-based authentication for OWA to accomodate some users. ... The error message they get is Error -2147024773. ... I know that IE won't work for changing passwords - it ...
(microsoft.public.exchange.admin)
Re: How to use API to access passwords stored in reversible algorithm?
... I don't want to access clear text passwords, I just need to write a module ... I want to access passwords in the same way IIS does using the reversible ... Alon Bar-Lev. ... > Do you want access to the clear text of the user password in Active ...
(microsoft.public.platformsdk.security)