RE: Password Audit Software by Microsoft



Hi David,

Good to see that you've made headway on setting a good password policy by
forcing users to change their initial password. IMHO it's time for you to
extend that by enabling password aging/history. If you do this, every user
is going to be required to change their password at some point in the future
which will remove the "default" password from your environment. If you
wanted to take it further, you could enforce a password complexity filter to
stop users from being able to reset their password to the default value,
whilst still allowing administrators to use it as an initial password on new
accounts.

It would be better if you did away with the default password altogether and
gave each new account a unique password. You can find some word lists on the
Internet and use some VBScript to create some random but easy-to-remember
passwords (something like two words with a period, i.e. random.pass).

Regards,
Mark.
--
-----------------------
Mark Whitby


"David Grand" wrote:

> When we set up our users on our domain, we use the same password for
> everyone. But we don't force a change upon initial login. So it is quite
> possible that someone could be using that same initial password for a long
> time. We have changed our policy and now of course we do require a password
> change on initial login.
> But we would like to know who may still be using the original, initial
> password.
> The domain admins and IT management have no desire to impersonate a person
> by hacking their password and then doing some nefarious work. Just trying to
> see who is using a particular password.
>
> "Mark Whitby" wrote:
>
> >
> > If there were such a download, it would kind of defeat the object of
> > passwords. They're supposed to be secret - no-one else other than the owner
> > of the account should know the password. In fact, a lot of work has gone on
> > over the years to try and make it harder to extract passwords from the
> > directory.
> >
> > What exactly are you trying to do? I would have thought you want to find
> > out who's using a particular user account on your domain, not a particular
> > password. If you provide some more details around the problem you're trying
> > to solve, someone here may be able to help out. If you're just trying to
> > crack someone's password, you're probably asking this question in the wrong
> > forum ;-)
> > --
> > -----------------------
> > Mark Whitby
> >
> >
> > "DavidGrand" wrote:
> >
> > > Does anyone know of a Microsoft download that allows domain administrators to
> > > list out all the passwords in a domain? We are trying to find out who is
> > > using a particular password on our network.
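
The "two words with a period" idea from the reply at the top of this thread, as an added example that is not part of the original posts (Python rather than VBScript). The word list, the two-digit suffix, the 28-bit threshold and the `banned` parameter are assumptions made for illustration; the point it adds is that the size of the word list decides how guessable the result is.

```python
import math
import secrets

# Constructed sample list. A real run would load a few thousand short,
# common words from a file; 16 words is far too few (see entropy_bits).
SAMPLE_WORDS = ["amber", "brick", "cedar", "delta", "ember", "flint",
                "grove", "harbor", "ivory", "jolly", "kettle", "lemon",
                "maple", "nickel", "olive", "pepper"]


def entropy_bits(list_size, words=2, digits=0):
    """Bits of entropy when each word and digit is picked uniformly at random."""
    return words * math.log2(list_size) + digits * math.log2(10)


def initial_password(wordlist, words=2, digits=2, min_bits=28, banned=()):
    """Return a unique initial password shaped like 'random.pass42'.

    min_bits is an assumed threshold, to be tuned to local policy.
    banned holds values that must never be issued, such as the old
    shared default password.
    """
    # Normalise and de-duplicate so the entropy figure reflects real choices.
    pool = sorted({w.strip().lower() for w in wordlist if w.strip().isalpha()})
    if len(pool) < 2:
        raise ValueError("word list has fewer than two usable words")
    bits = entropy_bits(len(pool), words, digits)
    if bits < min_bits:
        raise ValueError(
            f"only {bits:.1f} bits from {len(pool)} words; use a larger list")
    blocked = {b.lower() for b in banned}
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        parts = [secrets.choice(pool) for _ in range(words)]
        suffix = "".join(secrets.choice("0123456789") for _ in range(digits))
        candidate = ".".join(parts) + suffix
        if candidate not in blocked:
            return candidate


if __name__ == "__main__":
    bits = entropy_bits(len(SAMPLE_WORDS))
    print(f"two words from the sample list: {bits:.1f} bits")
    # Threshold lowered only so the tiny constructed list produces output.
    print(initial_password(SAMPLE_WORDS, min_bits=14))
```

Two words drawn from a 4096-word list give 24 bits before the digits are added, which is why these values only make sense as initial passwords that must be changed at first logon.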