Title: Message
|
Then go thru sets of 50 and require them to change
thier password.
----- Original Message -----
Sent: Tuesday, August 05, 2003 8:04
AM
Subject: RE: [ActiveDir] Password
Lookup
Hi
Mike,
You
can require "complex" passwords by setting the Domain Security Policy
-> Account Policies -> Password Policy -> Password must meet
complexity requirements.
Here
is more info:
After setting password complexity, it only applies when a password is
changed (or initially set when a user is created). It does not impact
users that are currently using non-complex passwords.
Regards,
Robbie Allen
Hi
Robbie,
I'm not aware that Windows 2000 password
complexity switch prevents the use of dictionary words. That certainly
has not been the case here. Please let me know if there is some
"special" switch to prevent dictionary words and what dictionary it
uses. Thanks!
Mike Thommes
Argonne National Laboratory
I don't believe MS does, but there are a few
scripts/tools on the net that can be used to do it.
Have you enabled password complexity, which
prevents the use of dictionary passwords? Do you have account
lockout enabled? It is much harder (i.e. time consuming) to
perform dictionary attacks against AD if account lockout is turned
on.
Robbie Allen
Does anyone
know if Microsoft provides provisions for doing dictionary lookups on
passwords?
Thanks!
Ryan McDonald
Systems Administrator
The
Bankers
Bank
|
