This company doesn't provide a large amount of
documentation on how they are doing this password change but it seems like they
are using the MS supported method.
As for scripting password resets, I'm very concerned
especially if this gets implemented I will need to see how it will function with
test domains.
I'm also not a big fan of putting an extra component on
everyone's desktop (which you only have to do if you want the end-users to see
an accurate password change error if one occurs).
I guess the first question I should have asked
is:
Has anyone used a password filter dll to create
a custom password rule? And if so, have you seen any issues with
it?
One thing that is interesting with this application, and
something that I'm wary of, is that their GPO adm becomes a component of the
Default Domain Policy (due the domain password policy). I'm not a real big
fan of modifying that policy.
Thanks for the input though, I would have overlooked the
scripting testing component.
Charlie
From: joe [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 9:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multiple Password Policies
Ditto whjat Neil said.
These are things you need to test very very very very very
much. They are hooked into a very core part of your DCs. You want to really load
a DC up and stress test the crap out of the tool it to see how it handles things
and try to get as much technical detail as possible. Since it is sending rule
info back to the clients something will have to be on the clients which bothers
some people, this will be added software to clients as well as possibly servers.
Also how does it handle if someone scripts a password change or uses something
other than the standard Windows GUI to change a password? Do you
care?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 9:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Multiple Password Policies
I have not used or assessed a product like this, but I
would guess that a client side GPO extension is required. This may not be
feasible in certain environments.
neil
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles
Sent: 18 January 2006 13:58
To: 'ActiveDir@mail.activedir.org'
Subject: [ActiveDir] Multiple Password Policies
I was
just asked to look at this application that was recently
released:
It
seems like someone did some good programming around the password filter dll
concept and then tied it into security groups and GPOs.
Has
anyone seen this application and what do you guys think about
it?
Thanks,
Charlie
PLEASE READ: The
information contained in this email is confidential and
intended for the
named recipient(s) only. If you are not an intended
recipient of this
email please notify the sender immediately and delete your
copy from your
system. You must not copy, distribute or take any further
action in reliance
on it. Email is not a secure method of communication and
Nomura International
plc ('NIplc') will not, to the extent permitted by law,
accept
responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence
of any virus, worm or similar malicious or disabling
code in, this
message or any attachment(s) to it. If verification of this
email is sought then
please request a hard copy. Unless otherwise stated
this email: (1) is
not, and should not be treated or relied upon as,
investment research;
(2) contains views or opinions that are solely those of
the author and do
not necessarily represent those of NIplc; (3) is intended
for informational
purposes only and is not a recommendation, solicitation or
offer to buy or sell
securities or related financial instruments. NIplc
does not provide
investment services to private customers. Authorised and
regulated by the
Financial Services Authority. Registered in England
no. 1550505 VAT No.
447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A
member of the Nomura group of companies.