Re: Can't change security policy
- From: "Leonid S. Knyshov" <lknyshov@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Dec 2005 21:50:20 -0800
"rindi" <rindi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:42B4F95E-77FC-470E-B43A-02389FAF3094@xxxxxxxxxxxxxxxx
> I've just installed SBS2003 server with integrated SP1. Users can't login
> from the network and also the default password strength is too high. I
> can't
> seem to be able to change any such settings. When I use the security rules
> for domains or the security rules for domain controllers, whenever I try
> to
> save changes, I get an error:
>
> "An extended Error occured, not saved
> \\domain\sysvol\domain\Policies\{.......}\Machine\microsoft\WindowsNT\SecEdit\GptTmpl.inf."
>
There is no such thing as "password strength is too high". Please do not
attempt to lower your security level below a reasonable 7-char/3 char
groups/42 days lifetime setting. A passphrase should ideally be at least 15
characters in length and comprosed of 3 or 4 character groups. Anything
shorter can and will be cracked in a matter of seconds using the right
equipment that I do possess.
We also need to review the output of netdiag and dcdiag to find out why you
have the group policy issues on an allegedly brand new server. SBS takes
practice to install and configure properly, and I do not recommend using the
very first deployment in production due to issues such as this one.
--
Leonid S. Knyshov, CEO
Crashproof Solutions, LLC - http://www.crashproofsolutions.com
MCP Exchange 2003/Small Business Server 2003, CCNA, SCSA 8
Microsoft Small Business Specialist Partner
.
- Follow-Ups:
- Re: Can't change security policy
- From: rindi
- Re: Can't change security policy
- From: SuperGumby [SBS MVP]
- Re: Can't change security policy
- Prev by Date: Re: after sharepoint 2.0 update
- Next by Date: Re: Keep admins off of client machines
- Previous by thread: Critical Errors in Security Log
- Next by thread: Re: Can't change security policy
- Index(es):
Relevant Pages
|
Loading
