To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Seperate Administrator password policy
A few comments, in no particular order
I can visualize mechanisms to pull this off in the existing GPOs or
to do it outside of the GPOs
Well sureit doesnt take a visionary to see how this could
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Seperate
Administrator password policy
A few comments, in no particular
order
I can visualize mechanisms to pull this off in the existing GPOs or
to do it outside of the GPOs
Well sureit doesnt take a
visionary to see how
] On Behalf Of Eric Fleischman
Sent: Saturday, September 02, 2006 6:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Seperate Administrator password policy
Is this a serious question? I have no idea. If I knew, not only
would I do this, but Id run out and buy a lotto ticket
. But I’ll keep
hoping anyways.
/Guido
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Eric Fleischman
*Sent:* Saturday, September 02, 2006 6:25 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Seperate Administrator password policy
Is this a serious question? I
: Saturday, September 02, 2006 12:43 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Seperate Administrator password policy
...you know a few Longhorn bugs filed on this might help
(hint hint)
Grillenmeier, Guido wrote:
;-) thanks for the feedback anyways Eric - it gives us an idea
: Saturday, September 02, 2006 12:43 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Seperate Administrator password policy
...you know a few Longhorn bugs filed on this might help
(hint hint)
Grillenmeier, Guido wrote:
;-) thanks for the feedback anyways Eric - it gives us an idea
that does what we speak of?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: Thursday, August 31, 2006 7:13 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Seperate
Administrator password policy
How are you guys checking password length after the
fact
Behalf Of joe
Sent: Thursday, August 31, 2006 7:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Seperate Administrator password policy
How are you guys checking
password length after the fact?
--
O'Reilly Active Directory Third
Edition - http://www.joew
MAIL PROTECTED]]
On Behalf Of joeSent: Thursday, August 31, 2006 7:13
PMTo: ActiveDir@mail.activedir.orgSubject:
RE: [ActiveDir] Seperate Administrator password policy
How are you guys checking password length after the
fact?
--
O'Reilly Active Directory Third Edition - http
01, 2006 12:28To:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Seperate
Administrator password policy
Come on.. You mean searching for a _vbscript_ to check password
length yields nothing on Google.com?Here is a
start:==Dim UserDim
As a
side note to the other discussions, you do not need to set minPwdLength *and*
uASCompat. minPwdLength is for a Win2K3 domain, and uASCompat is for a Windows
2000 domain. In Windows 2000, you can also just directly edit the GP template
(.adm).
Laura
From: [EMAIL PROTECTED]
lto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel
V CTR USAF NASIC/SCNASent: Friday, September 01, 2006 4:55
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Seperate Administrator password policy
Yeah thats what me and my coworkers have been debating,
what method to use to check passw
I know we've provided support for multiple password policies for
different users of the same domain for at least one customer with our
P-Synch product.
Our customer in this case was doing more or less the same thing
as you are asking about -- stronger password complexity rules for
admin users,
31, 2006
7:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Seperate
Administrator password policy
Agree, a separate
domain is certainly a very high price to pay itll cause ongoing
headaches with very little benefit. Other companies add requirements for
smartcard logons
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Crawford,
ScottSent: Friday, September 01, 2006 4:08 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Seperate
Administrator password pol
, 2006
2:57 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Seperate
Administrator password policy
I can visualize mechanisms to pull this
off in the existing GPOs or to do it outside of the GPOs.Having thought
about this quite a bit in the past,my personal preference would be to
handle
third party software could be an option
for example: http://www.anixis.com/products/ppe/default.htm
jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V CTR USAF NASIC/SCNASent: Thursday, August 31, 2006
14:15To:
Would it be easier just to ask them to use 15 characters? Run a small
script to check on the numbers of characters after the passwords have
been changed. If under 15 than ask them to change it again.
-Z.V.
Almeida Pinto, Jorge de wrote:
third party software could be
an option
We are still testing PassFiltPro software
(http://www.altusnet.com/products/) which supposedly has the ability with one
of its versions (MPE) to enforce different password policies based on global
groups. This is mentioned only for information, not endorsement, at this
time.
Mike
: Thursday, August 31, 2006 8:39 AMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Seperate
Administrator password policy
Would it be easier just to ask them to use 15 characters? Run a
small script to check on the numbers of characters after the passwords have been
changed. If under 15
Make everyone use 15 character passwords?
Mark
-Original Message-
From: Bahta, Nathaniel V CTR USAF NASIC/SCNA [EMAIL PROTECTED]
Date: Thu, 31 Aug 2006 08:15:13
To:ActiveDir@mail.activedir.org
Subject: [ActiveDir] Seperate Administrator password policy
Just wanted to field this to see
PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Seperate Administrator password policy
Would it be easier just to ask them to use 15
characters? Run a small script to check on the numbers of characters
after the passwords have been changed. If under 15 than ask them to change
, 2006 2:58 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Seperate Administrator password policy
I thought about that, but that does not prohibit you from setting a
password less than 15 characters. I thought about setting it up to run on
a changenotify event
No, just administrator accounts.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Thursday, August 31, 2006 8:57 AM
To: ActiveDir.org
Subject: Re: [ActiveDir] Seperate Administrator password policy
Make everyone use 15 character
, 2006 7:58 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Seperate
Administrator password policy
Agree,
a separate domain is certainly a very high price to pay itll cause ongoing
headaches with very little benefit. Other companies add requirements for
smartcard
, patching and all that other
stuff
jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V CTR USAF NASIC/SCNASent: Thursday, August 31, 2006
14:58To: ActiveDir@mail.activedir.orgSubject: RE:
[ActiveDir] Seperate Administrator password policy
31, 2006 8:58
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Seperate Administrator password policy
I thought about that, but that does not prohibit you from
setting a password less than 15 characters. I thought about setting it up
to run on a changenotify event
No that's what I meant - make them all 15 character passwords.
-Original Message-
From: Bahta, Nathaniel V CTR USAF NASIC/SCNA [EMAIL PROTECTED]
Date: Thu, 31 Aug 2006 09:31:08
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Seperate Administrator password policy
No, just
August 2006
10:39 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Seperate
Administrator password policy
Would it be easier just to ask them to use 15
characters? Run a small script to check on the numbers of characters
after the passwords have been changed. If under 15 than ask them
@mail.activedir.orgSubject: RE: [ActiveDir] Seperate
Administrator password policy
I agree to
Za,
But adjust the script
so that it automatically locks the account should it not be 15 characters long
then they have to change it.
Just and idea from a
newbie.
Kat
From:
[EMAIL PROTECTED] [mailto:[EMAIL
30 matches
Mail list logo