Re: Password Audit


Glen,
there is a fairly wide selection of so-called "recovery" tools (L0phtcrack was
dropped by Symantec a few years ago but you still should be able to find
copies of it around) available on the Internet that allow you to dump password
hashes or sniff them over the network and subsequently crack them by
applying a wide range of attacks. My recommendation would be to simply apply
a password complexity requirement via domain-level group policy and then
enforce a password change via a script
(http://www.microsoft.com/technet/scriptcenter/resources/qanda/may07/hey0516.mspx).
This way you will ensure that the change you implemented will apply to all
users - or rather those who attempt to log on following the change and whose
passwords are not set to not expire. If you are concerned about the latter,
refer to
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct06/hey1031.mspx.

hth
Marcin

"Glen" <Glen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5FF46E95-C799-4608-ACFA-18D1FF5F508C@xxxxxxxxxxxxxxxx
We are going to be implementing a new password policy. I have two
questions.

First - after the policy is in place requiring complex passwords, we would
like to be able to audit the accounts to be sure they are all in compliance.
We are trying to get rid of the password and username being the same for
example. Is there any recommended software to accomplish this? I am the
domain admin. I remember LophtCrack and a few others that were good but have
since seemed to disappear.

Second - If I implement the policy will it have any effect on those users who
are currently not in compliance but are not due to have their password
changed. In other words, will it allow them to keep their non-complex
password in place until they are required to change it?

Thanks.
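
Added example, not part of the original thread or of the linked Script Center scripts: one way to see which accounts a forced password change would reach and which it would skip, using the ActiveDirectory PowerShell module. The OU path and the policy date are assumed values, and the last step runs with -WhatIf so nothing is modified.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumed values: replace with your own.
$PolicyDate = Get-Date '2024-01-01'            # constructed: day the complexity policy took effect
$SearchBase = 'OU=Staff,DC=example,DC=com'     # hypothetical OU

$users = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
    -Properties PasswordLastSet, PasswordNeverExpires

$report = foreach ($u in $users) {
    if ($u.PasswordNeverExpires) {
        # A forced change at next logon cannot be applied while this flag is set.
        $status = 'NeverExpires'
    } elseif ($null -eq $u.PasswordLastSet) {
        # pwdLastSet = 0: the account already has to change its password at next logon.
        $status = 'ChangePending'
    } elseif ($u.PasswordLastSet -lt $PolicyDate) {
        # Password was set before the policy existed, so it was never checked against it.
        $status = 'PrePolicy'
    } else {
        $status = 'PostPolicy'
    }

    [pscustomobject]@{
        SamAccountName  = $u.SamAccountName
        PasswordLastSet = $u.PasswordLastSet
        Status          = $status
    }
}

# Review the report first; NeverExpires accounts need a separate decision.
$report | Sort-Object Status, SamAccountName | Format-Table -AutoSize

# Preview the forced change for pre-policy accounts only. Remove -WhatIf to apply.
$report | Where-Object Status -eq 'PrePolicy' | ForEach-Object {
    Set-ADUser -Identity $_.SamAccountName -ChangePasswordAtLogon $true -WhatIf
}
```

A PrePolicy status only means the password has not been validated against the new rule, not that it is weak.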

