Re: strong passwords

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 01/18/05

• Next message: Cary Shultz [A.D. MVP]: "Re: Multiple logon scripts assigned with Active Directory"
• Previous message: Tomasz Onyszko [MVP]: "Re: Bloquing user"
• In reply to: Flavio Alves: "strong passwords"
• Next in thread: Herb Martin: "Re: strong passwords"
• Reply: Herb Martin: "Re: strong passwords"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 17 Jan 2005 19:12:15 -0500

Flavio,

In addition to what Ryan and Herb ( Howdy, Guys! ) have stated I would
suggest that you have a minimum password age of at least 10 days. Why?
Because without a minimum password age your smarter users will quickly find
out that they can change their password xx number of times ( in your case,
14 ) in rapid succession to get back to their favorite password. Thus, your
password policy will not really be that effective. With 10 days as the
minimum password age most - hopefully all! - users will have given up!

I would also suggest that you contact the MS PSS and get the fix ( for
free ) and install it on all of your computers ( Domain Controllers, Member
Servers, Workstations ) as your users will most likely NOT come up with a
password that will met with the complexity requirements. This will result
in an error message that is quite generic and not very informative. With
this hot fix the users will be given an error message that spells out
exactly what they need to do ( assuming that they read it! ).

Here is the link:

http://support.microsoft.com/?id=821425

You might also want to take a look at this MSKB Article:

http://support.microsoft.com/?id=309799

-- 
Cary W. Shultz
Roanoke, VA  24014
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Flavio Alves" <FlavioAlves@discussions.microsoft.com> wrote in message 
news:3454A86B-CEC4-4463-969F-C0A302B86C69@microsoft.com...
> In my company , we are applicating strong passwords and i have the 
> following
> consiguration
> - enforce password history = 12
> - maximum password age = 90 days
> - minimum password age = 0
> - minimum password lenght = 6
> - password must meet complexity ... = disable
> - store passwords using .... = disable
> Now , after changes will to stay of following form .
> - enforce password history = 14
> - maximum password age = 45 days
> - minimum password age = 0
> - minimum password lenght = 8
> - password must meet complexity ... = enable
> - store passwords using .... = disable
>
> What´s the impact in my ambient, that  will occur with all workstation im 
> my
> company ?
> 

---

• Next message: Cary Shultz [A.D. MVP]: "Re: Multiple logon scripts assigned with Active Directory"
• Previous message: Tomasz Onyszko [MVP]: "Re: Bloquing user"
• In reply to: Flavio Alves: "strong passwords"
• Next in thread: Herb Martin: "Re: strong passwords"
• Reply: Herb Martin: "Re: strong passwords"
• Messages sorted by: [ date ] [ thread ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)