Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: active directory password policy

from [Renouf, Phil] Network Security [Permanent Link]
Subject: RE: active directory password policy
Date: Mon, 7 Feb 2005 16:31:16 -0500 
There are a few viable options here. Many VPN client applications will
let you run the client as a service so that it can be started up prior
to the user logging onto their desktop such that when they log onto
their desktop they are prompted for their password expiring in X days.
This is a very good way to handle this issue with remote users.

Also, if you are using Citrix for Extranet access then Citrix will
prompt users for their password expiring. This is a handy by-product of
using the Citrix Extranet client.

Phil 

-----Original Message-----
From: Matthew Jenkins [mailto:Matthew.Jenkins@tmctechnologies.com] 
Sent: Monday, February 07, 2005 2:14 PM
To: William Stegman; focus-ms@securityfocus.com
Subject: RE: active directory password policy 

We have currently not found a good solution for this either.

We are using the iisadmpwd that comes with Exchange to allow offsite
users to set their passwords.  I have read that this utility is
insecure.  The use of this utility is restricted to valid accounts on an
SSL enabled site.  This was a better solution that giving passwords over
the phone, or even worse, someone e-mailing the password (it ceases to
amaze me that people do these things).

Matt


Matthew Jenkins
Senior Network Specialist
TMC Technologies, Inc.
304.368.1862 ext 26
AOL: MLJenkinsCom  Yahoo: mljenkins  ICQ: 8116624  MSN Visit us online
at www.tmctechnologies.com

-----Original Message-----
From: William Stegman [mailto:stegmanw@comcast.net]
Sent: Friday, February 04, 2005 5:10 PM
To: focus-ms@securityfocus.com
Subject: active directory password policy 

Does anyone have any experience with remote users who do not login to
the domain on a regular basis or at all, and have a password expiration
policy in effect? We can't seem to come up with a good plan to handle
these users. They only occassionally access domain resources such as
webmail via the Internet or an internal website to do timesheets via
vpn, and will not have the luxury of logging on to a machine connected
to our LAN and getting the warning about soon to expire passwords. If
our policy dictates passwords expire every 90 days, how can we avoid the

inevitable calls regarding password resets?

thx

/William Stegman - Network Administrator///

TransCore - Hummelstownd



------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: active directory password policy, Erin Osminer
Next by Date:  RE: active directory password policy, John Coke
Previous by Thread:  RE: active directory password policy, Erin Osminer
Next by Thread:  RE: active directory password policy, John Coke
Indexes:  [Date] [Thread] [Top] [All Lists]