Network Security Focus-Microsoft

Password policy enforcement tools was RE: ADSI question

Subject: Password policy enforcement tools was RE: ADSI question
Date: Fri, 27 Aug 2004 16:26:15 -0500
Hijacking on this thread (with my apologies), I was wondering whether many admins use third-party password policy enforcement tools and whether it has led to less password cracking.

I use one such tool to reach what I think is a reasonable middle ground between the basic Windows 2000 password settings and complex password requirements, and I find that I need to crack my users' passwords less often. Since they now have no choice but to comply with my password policy, password cracking has gone from being an enforcement tool to being a way of checking that my policy is neither too loose nor too restrictive and fine-tuning said policy accordingly.

Am I being too confident in a tool in performing less password crackings, or am I not alone out there?

Eric Peeters
R. Ibarra's Inc.


-----Original Message-----
From: Bruce K. Marshall [mailto:bkml@att.net] 
Sent: Thursday, August 26, 2004 8:59 AM
To: Paul Aviles
Cc: focus-ms@securityfocus.com
Subject: Re: ADSI question


Paul,

The only ways to measure a password's quality are to either guess it (online) or crack it (offline). If you exported the LM password hashes you could tell whether they were shorter than 8 characters, but any other info requires cracking. We've been providing clients with 'password policy compliance' reports where we crack the passwords and then compare the findings to their existing or planned policy.

If you do an in-place migration you'll still be stuck with the previous passwords. You can turn on password complexity, but that won't be enforced until the next password change.

Scripting can tell you some cool stuff, such as when the user last logged into the domain and when they last changed their password. But it won't do anything related to password quality.

----
Bruce K. Marshall - bmarshall@securityps.com - 913-484-7233
Security Professional Services, Inc. - Kansas City


----- Original Message ----- 
From: "Paul Aviles" <paviles@adjoined.com>
To: <focus-ms@securityfocus.com>
Sent: Wednesday, August 25, 2004 11:30 AM
Subject: ADSI question


Is it possible to use ADSI to query user accounts and find if they are using a strong password? Before using GPOs to enable it, I need to have an audit and show how many people don't have them. Is this a property of the users?

Also, I believe that when you install AD in a new environment by default it has strong password enabled. Is that the same when you do an in-place migration?

Thanks

Paul
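
Added example, not part of the original thread: a sketch of the check Bruce Marshall describes, reading exported LM hashes to see which passwords are shorter than 8 characters without cracking anything. It assumes the export is in the common pwdump layout (user:rid:lm:nt:::); the sample accounts and hash values are constructed, and the function names are hypothetical.

```python
"""Audit sketch: flag accounts whose LM hash shows a password of 7 characters or fewer."""

# LM hashing pads the password to 14 bytes and hashes each 7-byte half
# separately; an empty half always yields this fixed 8-byte value.
EMPTY_HALF = "aad3b435b51404ee"

# Constructed sample (assumption: pwdump layout user:rid:lm:nt:::).
# The non-constant hash values below are made up for illustration.
SAMPLE_EXPORT = """\
alice:1001:0123456789abcdefaad3b435b51404ee:11111111111111111111111111111111:::
bob:1002:0123456789abcdeffedcba9876543210:22222222222222222222222222222222:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
dave:1004::44444444444444444444444444444444:::
broken line without enough fields
"""


def classify_lm(lm_hex):
    """Return a length verdict for one LM hash field."""
    lm = lm_hex.strip().lower()
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        return "no-lm-hash"            # field missing or not a hash
    first, second = lm[:16], lm[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        # Blank password, or LM storage is off / password exceeds 14 chars.
        return "blank-or-not-stored"
    if second == EMPTY_HALF:
        return "7-or-fewer"            # second 7-byte half was empty
    return "8-to-14"


def audit(export_text):
    """Group account names by verdict; malformed lines are skipped."""
    report = {}
    for line in export_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4:
            continue
        report.setdefault(classify_lm(fields[2]), []).append(fields[0])
    return report


if __name__ == "__main__":
    for verdict, users in sorted(audit(SAMPLE_EXPORT).items()):
        print(f"{verdict:20} {', '.join(users)}")
```

Accounts reported as "blank-or-not-stored" or "no-lm-hash" cannot be sized this way, which matches the point in the thread that anything beyond the length check requires cracking.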
