RE: [ActiveDir] Seperate Administrator password policy

[Grillenmeier, Guido]

Don’t think that auto disabling them when they don’t follow your organizational rules is too harsh. They will be certain to follow the rule in the future.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNA Sent: Thursday, August 31, 2006 2:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Seperate Administrator password policy   I thought about that, but that does not prohibit you from setting a password less than 15 characters.  I thought about setting it up to run on a changenotify event and then if the length was less than 15, disable the account, but I think that is a bit harsh.  I dont know of a way of stopping the setting of a password less than 15 characters without a actual subdomain.  That PPE looks like it would do the trick, but I dont think we are being given third party tools to implement this security measure.   Nate   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: Thursday, August 31, 2006 8:39 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Seperate Administrator password policy Would it be easier just to ask them to use 15 characters?  Run a small script to check on the numbers of characters after the passwords have been changed. If under 15 than ask them to change it again. -Z.V. Almeida Pinto, Jorge de wrote: third party software could be an option for example: http://www.anixis.com/products/ppe/default.htm   jorge   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNA Sent: Thursday, August 31, 2006 14:15 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Seperate Administrator password policy Just wanted to field this to see if it makes any sense to any of you guys.    We are going to implement a mandatory 15 character password policy for all of our administrator accounts.  The only way that makes sense is a subdomain with a separate password policy, since there is only one per domain.  I also know that I have to edit the minPwdLength attribute and the uASCompat attribute to make this work on the subdomain.  Can anyone think of another method of doing this?     Thanks,   Nate Bahta   This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.