Re: Blank Passwords, Complex Requeirements and Problems...

Tech-Archive recommends: Fix windows errors by optimizing your registry

what is the userAccountControl value for those accounts?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"MCTS" <MCTS@xxxxxxxx> wrote in message news:EEDCD917-1BD0-457F-8434-F9F6BAB0D5D2@xxxxxxxxxxxxxxxx
Blank Passwords, Complex Requeirements and Problems...

An auditor discovered several accouns with Blank Passwords in a MultiDomain AD structure arround the world

As far as i know, the Win2003 AD never had a "free" Default Domain Policy to allow that, the DDP is the Default since the initial build of th AD. Ok, let's say that an Admin disabled temporarily th DDP for a few moments and allowed certain accouns to be created with blank passwords. Today, the DDP is configured to allow only complex passwords.

10 accounsts in the domain (among 1.200 other accounts) were found with blank passwords. When we reset thoses passwords, the ADUC allows.. BLANK passwords!!!!! Only in the 10 aaccounts created in 2007 (The AD was created on 2004). Any other user don't have that problem, only a sequencial list of accounts (created by script with the DSADD tool, exactly like any other account in the domain)






.

Relevant Pages

  • Re: password expiration policy for admin and system accounts ?
    ... policy that Admins manually reset these important account passwords every ... You can still have the passwords set to never expire, ... > Privileged accounts should be the most, not the least, well guarded. ...
    (microsoft.public.security)
  • Re: password expiration policy for admin and system accounts ?
    ... policy that Admins manually reset these important account passwords every ... You can still have the passwords set to never expire, ... > Privileged accounts should be the most, not the least, well guarded. ...
    (microsoft.public.win2000.security)
  • RE: Security Logging - Passwords & Accounts
    ... Security Logging - Passwords & Accounts ... Does anybody know of any way to log changes to user & group accounts and ...
    (RedHat)
  • Antivirus programs for XP - best ones?
    ... DON'T create user accounts during setup as they will become ... Turn of transmission of passwords and user credentials in clear ... Keep your system and ALL installed applications uptodate (Microsoft ...
    (alt.computer.security)
  • Re: Trillian Ver 3.1 saves passwords in plain Text
    ... >Cc: Suramya Tomar ... When you choose the option to check your yahoo email from Trillian ... I have a YIM, ICQ, AIM and several Jabber accounts. ... >trace of any of my passwords in any file in this directory. ...
    (Bugtraq)