Re: New password policy creates permission havoc

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Herb Martin" <news@xxxxxxxxxxxxxx>
Date: Fri, 15 Sep 2006 12:59:05 -0500

"Tommy Tutone" <tutonester@xxxxxxxxx> wrote in message
news:eeegcb019lq@xxxxxxxxxxxxxxxxxxxx

I've just instituted a new password policy which requires users to change
passwords very 90 days and must be 6 characters.

That is such an awful password "policy", why bother?

At least 7 characters (there is a cryptographic technical reason).
14 (OR MORE) is really the only level you can expect signficant
security though.

However now I have users not able to access domain resources such as
shared folders and files that they previously had access to.

That is NOT going to DIRECTLY affect permissions.

It can only affect ACCESS due to users needing to authenticate.
If they have logged on and not logged off since their password
expired they may need to do re-logon or just explicitly change
their password.

BUT, in general, if you are already logged on then such changes
are irrelevant until the password expires.

We have a user connecting remotely using a Windows 2000 VPN to the DC and
now she can't access her folders, it keeps asking for a username and
password. TIA.

There is the real issue: She cannot authenticate since she hasn't
changed her password (the permission issue is a secondary effect.)

Return her to the network for one logon (or do it for her if you must).

You will of course know her password but with such insecure
passwords this likely doesn't matter (as you could easily crack ALL
of these passwords anyway.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

--
TT

References:
- New password policy creates permission havoc
  - From: Tommy Tutone

Prev by Date: Re: New password policy creates permission havoc
Next by Date: Re: How to block Domain Admin Accounts deletion by Account Operators
Previous by thread: Re: New password policy creates permission havoc
Next by thread: Re: How to block Domain Admin Accounts deletion by Account Operators
Index(es):
- Date
- Thread

Relevant Pages

Re: Complex passwords
... their length until their current password expires. ... Microsoft MVP - Windows Security ... case it said it must be 5 characters minimum. ... I believe that after you enable complex password it will require all users ...
(microsoft.public.windows.server.networking)
Re: passwort
... what is called a Single Sign On (SSO) for other web sites. ... We webt back to that min web site for SSO/PKI ... setup and sure enough it wouldn't authenticate on her password either. ... new characters. ...
(microsoft.public.windowsxp.security_admin)
Re: Complex passwords
... windows tells you what the complex password requirement is. ... case it said it must be 5 characters minimum. ... I believe that after you enable complex password it will require all users ... and after user's current password expires they will have to choose a ...
(microsoft.public.windows.server.networking)
Re: Password Length
... Users will have to change their password to 7 characters or longer only ... after current password expires. ... You can always select user account and check "User must change password at ... > the system make everyone change passwords at next logon? ...
(microsoft.public.security)
Re: Password Length
... Miha Pihler wrote: ... > Users will have to change their password to 7 characters or longer ... > only after current password expires. ... > selected users. ...
(microsoft.public.security)