Regular users are able to change their passwords at any time. The
account I duplicated of mine using copy had the exact same groups and
worked. There are no options set to not allow to change passwords
either. I am going to try what you stated as create a user account to
use and see what happens. I'll also enable auditing and see on every
domain controller.
Re: Account lockouts ... for reusable passwords and the AAA infrastructures that rely upon them? ... In that context, account lockout policy -- duration, threshold, lockout ... > cracking attacks.... (microsoft.public.security)
Re: Deleting Admin Account ...administrative level account to change the Type of the Admin account ... created to a limited account (or create yourself a third account - non-admin ... The built-in administrator cannot be changed from the administrative level,... You should password protect (with different passwords would be best) each ... (microsoft.public.windowsxp.setup_deployment)
Re: Blank Passwords, Complex Requeirements and Problems... ... The account would then have: 544 = normal account with "Password Not Required" bit = on ...wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS ...BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... As far as i know, the Win2003 AD never had a "free" Default Domain Policy to allow that, the DDP is the Default since the initial build of th AD. Ok, let's say that an Admin disabled temporarily th DDP for a few moments and allowed certain accouns to be created with blank passwords.... (microsoft.public.win2000.active_directory)
RE: Single sign on ... How to authentificate an user via telephon?... > Avatier has a product which would allow users to reset their own passwords... >> for the person whose account is reset.... >> would only be accessible by the person whose account is reset. ... (Security-Basics)
RE: Threat vector of running a service using a domain account ... Cachedumps are for local logon password dumps.... Lsadumps retrieve the passwords in plaintext (each char. ...Cachedump, which again, doesn't work so well against the latest versions ... Threat vector of running a service using a domain account... (Security-Basics)
