The people requesting this do realize it will probably result in *weaker* security, don't they? These "strong" passwords are going to be written down and taped on the monitor, under the keyboard, inside the desk, on the desk, to the CPU, etc. Plus you will probably need to add seasonal staff every 60 days when these things expire and you are inundated with phone calls from teachers who can't remember what they changed their password to.
I agree with Curtis - a 5 character alphanumeric password should be sufficient for the type of access teachers would have. Also, keep in mind the password policy enforces "minimum" standards - there is nothing preventing staff from using complex passwords on their own, the system just would not enforce it. Thomas C. Steele Technology Director Manteno CUSD #5 From: [email protected] [mailto:[email protected]] On Behalf Of McKay, Curtis Sent: Thursday, July 29, 2010 8:33 AM To: 'Tech-Geeks Mailing List' Subject: Re: [tech-geeks] Password Restrictions - Windows 2003 Server A 2003 domain can't do it. It was one of the biggest things touted with 2008 that you could. You either have to upgrade or come to a procedural compromise. I will say that 5 character alpha numeric seems strong enough to me. We're high school only so I don't have experience here with younger grades but did with my previous employment and also the school I volunteer at for server management. People don't think the younger grades can handle accounts but you'd be surprised. Yes, it takes more than 1 or 2 trips to the lab for them to remember and get it, but they can do it. Curtis McKay Network Administrator Belleville Township High School District 201 [email protected]<mailto:[email protected]> From: [email protected] [mailto:[email protected]] On Behalf Of Tom Wilson Sent: Thursday, July 29, 2010 7:29 AM To: Tech-Geeks Mailing List Subject: [tech-geeks] Password Restrictions - Windows 2003 Server Currently our network is Windows based with our servers being 2003. In the past, our K-3 students have had accounts, but no passwords. I had staff and grades 4-8 set a password of 5 chars and just didn't tell them that it would accept blank passwords. I had to do it this way since 2003 server won't allow more than one password policy per domain. I am now being instructed to put strong password policies on the staff accounts. In order to do this, it would mean that all our students, including K-3 students, will have to somehow learn an 8 char password with 3 of 4 letters, numbers, caps, symbols, and then change it every 60 days without repeating the same password 6 times. I just can't fathom how a K-3 student will be able to do this on their own. If you have a 2003 environment, how do you handle the younger students passwords? Is there a way to somehow make a 2003 domain accept more than one password policy? Thanks, Tom Wilson Technology Coordinator/ Network Manager District 50 Schools Washington, IL (309) 745-9531
| Subscription info at http://www.tech-geeks.org |
