Create a group policy and apply it only to the security group and OU that
contains all the admin users.
David Scalcione
-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com]On Behalf Of WALI
Sent: Saturday, December 15, 2007 11:33
To: security-basics@securityfocus.com
Subject: Policy enforcement- Admin accounts
In an active directory environment (windows 2003), I want to ensure lockout
for administrator accounts also, in order to protect against attempts to
brute force account password. The flipside is, we might have a DoS situation
but I can live with it. Is there a tool I can deploy to ensure that admin
account also locks out after certain no. of attemps?
Also, ONLY for admin accounts, I want to enforce certain settings like:
Password should contain atleast 15 characters, should not contain a
dictionary word etc.
My normal password policy for AD user accounts, set at the domain level is a
minimum of 8 chars but I want to deploy this special policy of 15 chars
minimum for admin accounts.
How should I go about this?
The information contained in this communication is confidential and privileged
information intended only for the use of the individual or entity to which it
is addressed. If you are not the addressee indicated in this message (or an
agent responsible for delivery of the message to such person), you are hereby
notified that you have received this communication in error and that any
review, dissemination, copying, or any action or omission taken by you in
reliance on it, is strictly prohibited. Please destroy this message and notify
the sender immediately if you have received it in error.
Please also advise immediately if you or your employer do not consent to e-mail
communications. Opinions, conclusions and other information in this message
that do not relate to the official business of Yardville National Bank shall be
understood as neither given nor endorsed by it.
