Of
Steve Schofield
Sent: Thursday, September 30, 2004 4:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Password Policy question
Thanks Darren/Douglas
Its amazing such a simple concept can raise so many
questions. This question was really just pertaining to
strictly to admin
PROTECTED]Subject: RE: [ActiveDir] Password Policy question
Hi Steve,
Usually service accounts should be treated more sensitive than reqular user
accounts since they are more exposed to threads (they are configured on
multiple machines, mostly including the least trusted machine, and in many
environments
a less obvious name for service
accounts then SRVACCT - a little obscurity never hurts
either.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Deji
AkomolafeSent: Thursday, September 30, 2004 2:49 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Password Policy
question
er 30, 2004 2:49 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Password Policy
question
If
you need to access it, just change it (as above) since you should have a process
in place to change those on a reqular basis anyways.
I don't understand the logic
of this recommendation. I h
:02 AM
Subject: RE: [ActiveDir] Password Policy question
I actually think you shouldn't share service accounts between machines or
services. Each one should get their own specific ID for reasons like this
and if someone decides to go after one ID you don't lose functionality of
every machine
On a slightly related note, though, I prefer to use a less obvious name
for service accounts then SRVACCT - a little obscurity never hurts either.
You are taking me literally. You didn't really presume that SRVACCT is a real
account's name? Or that I have 30 servers. Or that the account actually
as Deji quickly renames his service accounts...
:o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, September 30, 2004 12:11 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Password Policy
] on behalf of joe
Sent: Thu 9/30/2004 9:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Password Policy question
as Deji quickly renames his service accounts...
:o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday
PROTECTED]
Subject: RE: [ActiveDir] Password Policy question
as Deji quickly renames his service accounts...
:o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, September 30, 2004 12:11 PM
To: [EMAIL PROTECTED]; [EMAIL
The password policy is a domain wide thing. You cant restrict it to certain OUs.
Whatever you set it as is what it will be. Would be helpful to apply it to certain
OUs, but password policies are there to protect the entire environment, so objecst
that would not be using the same policy would be
:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Password Policy
question
The password policy is a
domain wide thing. You cant restrict it to certain OUs. Whatever you set it as
is what it will be. Would be helpful to apply it to certain OUs, but password
policies are there to protect the entire
Message -
From: Darren Mar-Elia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 10:01 PM
Subject: RE: [ActiveDir] Password Policy question
Also, keep in mind that password policy is a machine policy, so in any
case, its not being applied to user accounts--but rather
12 matches
Mail list logo