Many Canadian companies are affected by stuff like Sarbanes-Oxley, although granted a 
small shop here in Ontario probably isn't.

Phil 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, November 03, 2004 2:55 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Notification containing new password


I noticed the Canadian domain though and figure he has other issues to contend with.  
EU and US rules and regs aren't likely high among them yet (ofa.on.ca is the sender's 
domain). 

But that would likely be true for that and many other regulations around the world.



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Wednesday, November 03, 2004 2:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Notification containing new password

Not to mention illegal, if you're under Sarbanes-Oxley controls, right?

<mc>

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, November 03, 2004 2:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Notification containing new password

Yup, you brought it on Deji. :)

To add to the fodder:

Keep in mind that passwords are stored in a way that prevents you from getting them 
back out without cracking them.  That's not a foolproof way to gather the data you 
want.  

I agree it is a bad idea to do that.  However, if you wanted to get them and let them 
change their own passwords, you would want a web based system that collects the data 
at the beginning of the cycle.  You could then use the web interface to change 
passwords on other systems as well providing additional benefit.  Something like 
IISADMPWD in a modified version might be useful for such a solution.  

If you haven't heard it enough already, it's a bad idea to collect user passwords 
though.  It defeats a ton of safeguards and puts you at risk for finger pointing etc.  
Better to just reset passwords and tell the user of their new password should you need 
to access the services as that user, as suggested by plenty of others on this thread.

Al 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Wednesday, November 03, 2004 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Notification containing new password

Omg, Deji...here we go

<mc>

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Notification containing new password

I don't think there is such a tool natively. I imagine that you could put a web 
interface on a vbscript where you direct your users to go to when they need to change 
their passwords. In the code, you will then put in a routine that grabs the value they 
type in and email it to you.
 
Now, I will get away quickly before Joe shows up with another 
"why-you-should-not-do-this" clue stick (I mean, KB article) :p
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon

________________________________

From: [EMAIL PROTECTED] on behalf of Matthew Crape
Sent: Wed 11/3/2004 10:21 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Notification containing new password


 Hi Group,

    I have already delved into the archives and I couldn't find quite what I was 
looking for. It is very possible that I looked over it, and if I did I apologize in 
advance. Now, to my question: We are a fairly small shop here (about 40 users) and the 
traditional way of doing a password change was to collect new passwords from everyone 
and then I change them in AD as well as in a couple of other places (i.e. like 
synchronizing them with our non-Exchange mail server). We did this so that in case 
somebody was away on vacation and we needed to log on to their computer (with their 
profile) we could do it. It saves the hassle of say, logging in with a domain account 
and then manually opening up a PST file or something like that.

    I would like to have the users change their own passwords, but I would also like 
to be able to know their new passwords. We have had numerous issues in the past with 
people telling us their wrong passwords, so I would like to get it straight from AD if 
possible. Right now the only solution I can see is cracking all of the passwords, but 
that isn't the most feasible way.

    Does anyone know of a solution? Maybe something like an email generated by some 
sort of script with the new password? Sorry if this email dragged on for a bit. Any 
help is appreciated. Thanks. 
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
