Re: Blank Passwords, Complex Requeirements and Problems...
- From: "Ken Aldrich" <supportw@xxxxxxxxxxxxxxx>
- Date: Thu, 13 Mar 2008 16:21:24 -0500
Hello,
Are you sure that those accounts are subject to the group policy?
I recommend running a "Resultant Set of Policies" test on the user accounts
in question.
There are several reasons why a given policy will not be applied to a user
account. I would find out first if the policy is being applied to those
accounts or not. If it is not, then you need to track down why the accounts
are exempt.
--
Ken Aldrich
DSRAZOR for Windows
Visual Click Software, Inc.
www.visualclick.com
"MCTS" <MCTS@xxxxxxxx> wrote in message
news:EEDCD917-1BD0-457F-8434-F9F6BAB0D5D2@xxxxxxxxxxxxxxxx
Blank Passwords, Complex Requeirements and Problems...
An auditor discovered several accouns with Blank Passwords in a
MultiDomain AD structure arround the world
As far as i know, the Win2003 AD never had a "free" Default Domain Policy
to allow that, the DDP is the Default since the initial build of th AD.
Ok, let's say that an Admin disabled temporarily th DDP for a few moments
and allowed certain accouns to be created with blank passwords. Today, the
DDP is configured to allow only complex passwords.
10 accounsts in the domain (among 1.200 other accounts) were found with
blank passwords. When we reset thoses passwords, the ADUC allows.. BLANK
passwords!!!!! Only in the 10 aaccounts created in 2007 (The AD was
created on 2004). Any other user don't have that problem, only a
sequencial list of accounts (created by script with the DSADD tool,
exactly like any other account in the domain)
.
- Prev by Date: Re: User login creation issue
- Next by Date: Re: just did a dcpromo
- Previous by thread: Re: User login creation issue
- Next by thread: Re: Blank Passwords, Complex Requeirements and Problems...
- Index(es):
Relevant Pages
|
