Our auditors just wrote us up. Here's their statement "The credit Union is not utilizing time/day restrictions in Windows. These setting restrict users from gaining network access during non-business hours. If not set appropriately, these accounts can be exploited to gain unauthorized access to the network". We have not dial up connections to the network. The only thing we have setup is to allow a connection to the Exchange server for internet email. We have eight digit passwords and an account is locked out after 3 invalid attempts. I don't believe having logon hour restrictions will improve security but I would like other opinions. Opinions??? Shirley Laliberte Quincy Municipal Credit Union http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
