RE: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread Bahta, Nathaniel V CTR USAF NASIC/SCNA
Yeah that's what me and my coworkers have been debating, what method to use to check password length. We are looking through perl modules to see if there are any that can actually do what we are talking about. So far no luck with it, but the search continues. Do you know of any module that

Re: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread Za Vue
Come on.. You mean searching for a vbscript to check password length yields nothing on Google.com? Here is a start: == Dim User Dim UserName Dim UserDomain UserDomain = "DomainToManage" UserName = "UserName" Set User = GetObject("WinNT://" & UserDomain & "/"

RE: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread Bahta, Nathaniel V CTR USAF NASIC/SCNA
What does that have to do with reading how many characters someone's password is? I know how to find out the minimum password lengths value, but that is not what we are concerned with. We are concerned with how long the actual password is. Be it 15 or 20 or 8 characters, that is what we are

RE: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread Almeida Pinto, Jorge de
doesn't this return the minimum password length configured in the password policy for the domain, and not the password length of the actual password for that targeted user account jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: Friday, September

RE: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread Laura A. Robinson
As a side note to the other discussions, you do not need to set minPwdLength *and* uASCompat. minPwdLength is for a Win2K3 domain, and uASCompat is for a Windows 2000 domain. In Windows 2000, you can also just directly edit the GP template (.adm). Laura From: [EMAIL PROTECTED]

RE: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread joe
That is what I am saying... You can't. Once a password has been checked through the filters and the change notify sent out to the hooked functions, the password length/complexity/etc is gone. The clear text password is not kept. Certainly MSFT doesn't keep a tally on what length the password

[ActiveDir] remove a site in AD

2006-09-01 Thread Mike Newell
Hey, There was a site created in AD that I would like to remove. Are there any gotchas when removing a site and adding the subnet back into an existing site? The site was created for our datacenter. The datacenter houses our Exchange servers and I would like Exchange to use the DC/GCs in

Re: [ActiveDir] remove a site in AD

2006-09-01 Thread Al Mulnick
Wouldn't it make more sense to change the site definitions and dc/gc memberships prior to removing the site? On 9/1/06, Mike Newell [EMAIL PROTECTED] wrote: Hey, There was a site created in AD that I would like to remove. Are there any gotchas when removing a site and adding the subnet back into an

[ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread Ramon Linan
Hi, I have one of my clients that has AD integrated DNS. The internet domain is the same as the AD domain. (domain.com) They have ns1 and ns2 to handle the internet domain, meaning mx, www, A, etc. records for domain.com, those are the external DNS servers. And they also have

RE: [ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread Robinson, Chuck
That is generally not a good idea. Google: split brain DNS this should give you a good start. Chuck Robinson, MCSE: Messaging, VCP, Senior Solutions Consultant EMC Microsoft Practice tel 732-321-3644 xt.45, mobile 973-865-0394, fax 732-321-6855 email:[EMAIL PROTECTED]

RE: [ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread Scott, Anthony
All you should have to do is create an A record named www, point it to the internal IP of your web server. This will create an A record of www.domain.com Thanks, Anthony Scott Microsoft Consultant Mobile 616-481-9722 | Desk 616-464-6369 | [EMAIL PROTECTED] From: [EMAIL

RE: [ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread Akomolafe, Deji
This doesn't do anything positive for him regarding his particular concerns. He is publishing internal records to the public. I have seen some people argue that it is not a big deal to expose internal addresses/records unless the addresses are routable. Me? I say it is bad to mix your internal

[ActiveDir] Moving Contacts to Public Folders

2006-09-01 Thread Alex Alborzfard
Is there a script out there to move contacts entered in a specific OU and different distribution groups to EXCH's Public Folders? It's a weird request by a client! Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Tuesday,

RE: [ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread joe
Heh, this was a topic on a MSFT concall yesterday... Bind 9 supports multiple views on zones based on external/internal (or other definitions) requests... Cuts down on the number of DNS servers required. http://www.oreillynet.com/pub/a/oreilly/networking/news/views_0501.html

RE: [ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread Akomolafe, Deji
Couldn't make the con-call. But we have been asking for this for some time now. Do you have any shareable info on what MS is doing along that line? Sincerely, Microsoft MVP - Directory

[ActiveDir] OT: Servers rebooting, etrust antivirus

2006-09-01 Thread Kevin Brunson
Anyone else out there dealing with the Computer Associates eTrust Antivirus signature thing this morning? Symptoms: The system process C:\Windows\System32\lsass.exe terminated unexpectedly with status code 0. The system will now shut down and restart. After the reboot, it once again

RE: [ActiveDir] remove a site in AD

2006-09-01 Thread Mike Newell
Hey Al, Yep. Sorry, I got a bit sloppy when writing that part. I don't plan to delete the site for a few days after I make the change. Do you think I should move the DC to siteB then associate the subnet with siteB or should I change the subnet/site then move the DC? Thanks again.

Re: [ActiveDir] OT: Servers rebooting, etrust antivirus

2006-09-01 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
CA eTrust Antivirus flagging lsass.e x e http://isc.sans.org/diary.php?nstoryid=1665 Unsubscribe: http://isc.sans.org/notify.php Yup Kevin Brunson wrote: Anyone else out there dealing with the Computer Associates eTrust Antivirus signature thing this morning? Symptoms: “The system

RE: [ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread joe
The whole call was NDA so unfortunately I have no news to share. I do have this to say though, if you or anyone feels this is something that MSFT DNS should be able to do smack your TAM on the butt and say "Hey TAM, earn your pay and listen up, we want this multiple view thing that Bind

RE: [ActiveDir] OT: Servers rebooting, etrust antivirus

2006-09-01 Thread Robert Rutherford
Absolutely Shocking! Rob Robert Rutherford QuoStar Solutions Limited T:+44 (0) 8456 440 331 F:+44 (0) 8456 440 332 M:+44 (0) 7974 249 494 E:[EMAIL PROTECTED] W:www.quostar.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread Scott, Anthony
I misunderstood his question. Why not have the company's ISP handle external DNS? The situation he is describing is no good. Thanks, Anthony Scott From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akomolafe, Deji Sent: Friday, September 01, 2006 11:35 AM To:

RE: [ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread Almeida Pinto, Jorge de
see for list of KB articles about DNS: http://blogs.dirteam.com/blogs/jorge/archive/2006/06/16/1134.aspx Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) (

RE: [ActiveDir] OT: Servers rebooting, etrust antivirus

2006-09-01 Thread Kevin Brunson
We have found varying degrees of destruction, but so far none that could not be recovered. For some reason MS KB323497 seems to resolve just about everything we have come across. We have found a few servers that get blank screens in safe mode. They never get to a logon prompt. Anyone gotten

Re: [ActiveDir] remove a site in AD

2006-09-01 Thread Al Mulnick
It depends on your site topology that you have now. If you were to move the ip address definitions but have no dc in that site, then the clients would be forced to find one elsewhere according to costs etc. Is that acceptable in your environment? In the end, I doubt it really matters a whole heck

Re: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread [EMAIL PROTECTED]
I know we've provided support for multiple password policies for different users of the same domain for at least one customer with our P-Synch product. Our customer in this case was doing more or less the same thing as you are asking about -- stronger password complexity rules for admin users,

RE: [ActiveDir] Logging successful logons in AD security log

2006-09-01 Thread Free, Bob
I can say that I have seen logs way bigger than the specified max size. That's probably due to the little bug in the Policy setting vs actual size, I don't have the reference with me but it's back at the office, I had to figure it out because my DC logs actual sizes weren't matching what was in

RE: [ActiveDir] Logging successful logons in AD security log

2006-09-01 Thread David Adner
The bug you're probably referring to is that in 2003 RTM you cannot reduce the size of an Event Log via GPO. You can increase the size but not decrease it. This can cause you to have larger logs than what you think if all you do is review what the GPOs say. -Original Message- From:

RE: [ActiveDir] Logging successful logons in AD security log

2006-09-01 Thread Free, Bob
Exactly. As described in KB824245. Thanks David. That is exactly what happened to me, I was controlling the size with the GPO (or so I thought) and when I was done testing and wanted to reduce the size, the actual logs never reflected the GPO setting. -Original Message- From: [EMAIL

RE: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread Crawford, Scott
of plans to allow setting password policies at the OU level What would be the direction they'd go to implement this? Since the setting is in the computer section of the GPO, it seems to offer all the functionality one should expect. And in fact, it is applicable at the OU level and it

RE: [ActiveDir] DNS DOCUMENTATION

2006-09-01 Thread Michael B. Smith
while i'm sure there are some out there; i've probably got 50+ SBS clients that we host their DNS - they don't tend to have big pipes, reliable pipes, reliable power, or technical know how (you'd be surprised how difficult it is to explain the purpose of a PTR record to someone who didn't

RE: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread joe
I can visualize mechanisms to pull this off in the existing GPOs or to do it outside of the GPOs. Having thought about this quite a bit in the past, my personal preference would be to handle this outside of the GPOs for several reasons. Some of the reasons off the top of my head: o

[ActiveDir] Steps to clean up after Etrust

2006-09-01 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
The Official SBS Blog : SBS 2003 fails to boot (Gray screen after Windows splash screen): http://blogs.technet.com/sbs/archive/2006/09/01/453504.aspx ...I'm just having a hard time understanding how flagging lsass could be missed in testing...but hey...that's just me... -- Letting your

RE: [ActiveDir] Steps to clean up after Etrust

2006-09-01 Thread Kevin Brunson
You might very well find that it broke the HTTP SSL service. Since HTTPFilters runs as lsass.exe, it kinda screws things up. This is the only problem I am still dealing with. WWW pub won't run without it. So no OWA. Still trying to figure that one out. Other than that, we've fixed 30 servers

Re: [ActiveDir] Steps to clean up after Etrust

2006-09-01 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Yup that's what the PSS guys are saying too... the easiest way to fix it is to find good parts on a server and put it back If it helps any MS runs etrust... I wonder if they got nailed... one can only hope to ensure that CA never ever does this again.. ya think? Kevin Brunson wrote:

RE: [ActiveDir] Seperate Administrator password policy

2006-09-01 Thread Eric Fleischman
A few comments, in no particular order I can visualize mechanisms to pull this off in the existing GPOs or to do it outside of the GPOs Well sure it doesn't take a visionary to see how this could be done. ;) See LDAP policies for one such example (though by no means the only choice in

Re: [ActiveDir] Separate Administrator password policy

2006-09-01 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
While you guys are skinning that cat (or is it buttering it?) let me throw out the var/vap world of admin passwords... You have a bunch of managed clients... you have employees that regularly have admin rights to those servers. An employee leaves. You need to revoke rights to that DC. How is