Re: Users w\expired passwords(non-blank) + PASSWD_NOTREQD = Access ???
- From: "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx>
- Date: Mon, 16 Apr 2007 14:09:38 -0400
That's why I suggested testing it.
If I were to think the question through for a second, then the answer is YES
I am getting through if the password is set to password not required + it is
expired. Why? Because I don't have to enter a password to change it. No
password requirement == already blank in many cases. At the very least, you
can't say it's not.
I have to agree with the auditors on this one that you shouldn't have those
lying around.
YMMV, but I still suggest testing for your specific environment.
Hopefully you haven't told the auditor's they're full of it yet :)
"Joe_SMS" <jw_nagy@xxxxxxxxxxx> wrote in message
news:1176726200.305894.126820@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I think Al, the other contributor is thinking the same way people here
are. But thats a misinterpretation. Its not that a password isn't
required to LOGIN, its simply like Joe said, the account isn't
required to have a password. But, whether you have a blank password
or not..... IF ITS EXPIRED, you're not getting in.
This is what I was thinking and I think Joe pretty much confirmed it.
.
- References:
- Users w\expired passwords(non-blank) + PASSWD_NOTREQD = Access ???
- From: Joe_SMS
- Re: Users w\expired passwords(non-blank) + PASSWD_NOTREQD = Access ???
- From: Joe Richards [MVP]
- Re: Users w\expired passwords(non-blank) + PASSWD_NOTREQD = Access ???
- From: Joe_SMS
- Users w\expired passwords(non-blank) + PASSWD_NOTREQD = Access ???
- Prev by Date: Re: Write Only Permissions on a folder
- Next by Date: Re: Creating Several Users in AD through scripts
- Previous by thread: Re: Users w\expired passwords(non-blank) + PASSWD_NOTREQD = Access ???
- Next by thread: Re: Users w\expired passwords(non-blank) + PASSWD_NOTREQD = Access ???
- Index(es):
Relevant Pages
|
