Re: Password Audit
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 4 Oct 2008 10:03:01 -0500
I should add that I know of no way to audit the passwords themselves (check
if they meet any requirements) except to attempt to authenticate with
various password, which would likely lockout the accounts. If you could tell
anything about the passwords (even something like the length) that would be
a serious security issue.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb668ea08caf3c8ac107bd0@xxxxxxxxxxxxxxxxxxxxxxx
Hello Glen,
You will find on Richards webpage:
http://www.rlmueller.net/PwdLastChanged.htm
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Thank you Richard, although I don't want all the passwords expiring at
once. I'd rather they just expire at their normal time.
Any idea of any good auditing software to ensure all accounts are in
compliance?
"Richard Mueller [MVP]" wrote:
And you can expire the password immediately by assigning 0 to the
pwdLastSet attribute. This can be done in a script or with command
line tools.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb668e878caf3c425335320@xxxxxxxxxxxxxxxxxxxxxxx
Hello Glen,
1. Complex password policy restrict the password to include more
then 3 characters of the username.
2. In the next change interval they will switch to the new policy or
if they change the password themselves.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
We are going to be implementing a new password policy. I have two
questions.
First - after the policy is in place requiring complex passwords,
we would like to be able to audit the accounts to be sure they are
all in compliance. We are trying to get rid of the password and
username being the same for example. Is there any recommended
software to accomplish this? I am the domain admin. I remember
LophtCrack and a few others that were good but have since seemed to
disappear.
Second - If I implement the policy will it have any effect on those
user who are currently not in compliance but are not due to have
their password changed. In other words, will it allow them to keep
their non-complex password in place until they are required to
change it?
Thanks.
.
- References:
- Re: Password Audit
- From: Glen
- Re: Password Audit
- From: Meinolf Weber
- Re: Password Audit
- Prev by Date: Re: Active Directory "ignoring" Apple Macbook Pro
- Next by Date: Re: "Can not find file" error message while changing passwords
- Previous by thread: Re: Password Audit
- Next by thread: Re: Password Audit
- Index(es):
Relevant Pages
|
