Tom, I believe that the passwd_notereqd does in fact override the DDP.
Jason Centenni | The Capital Group Companies | Location:
SNO | Extension: 44843
Outside: 210-474-4843 | Cell: 210-385-5932 | E-mail:
[EMAIL PROTECTED]
[ Mailing: 3500 Wiseman Blvd. San Antonio, TX 78251-4321
USA ]
"Tom Kern"
<[EMAIL PROTECTED]
> To
ActiveDir@mail.activedir.org
Sent by: cc
[EMAIL PROTECTED]
ail.activedir.org Subject
Re: [ActiveDir] Strange password
issue
09/06/2006 12:09
PM
Please respond to
[EMAIL PROTECTED]
tivedir.org
This is a domain account.
To rehash-
The Default Domain Policy is set to min password length- 6 charcters.
This was created 2 years ago and never changed.
User account is a domain account created a month ago.
It was bought to my attention that the user can log in with no password.
I confirmed.
The userAccountControl attribute of the user object was set to 512(not that
i'm certain if setting the passwd_notreqd overrides the DDP).
The domain/forest is at w2k3 FL.
Thanks
On 9/6/06, Laura A. Robinson <[EMAIL PROTECTED]> wrote:
Impossible/irrelevant. If it's a domain account, the policy applies
regardless, because the account is stored in AD. If it's a local account,
then the policy doesn't apply regardless; domain account policies don't
apply to local accounts. Is this a local account or a domain account?
Laura
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, September 06, 2006 11:44 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Strange password issue
If you mean before the policy was set up, then, no.
This policy has been in effect for a couple of years and the account was
created a month ago..
Maybe the PC is not getting the Default Domain Policy?
On 9/6/06, Williams, Robert <[EMAIL PROTECTED] > wrote:
Tom,
This is just a stab in the dark but is it possible that this user's
password was set prior to the Default Domain Policy being in effect?
Robert Williams
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, September 06, 2006 9:39 AM
To: activedirectory
Subject: [ActiveDir] Strange password issue
I'm having this weird issue where I have a user account who is able to
log in with a blank password.
The Default Domain Policy is set to a min password length of 6
characters.
The userAccountControl on the user is set to 512.
The Domain is at win2k3 DFL and FFL.
Is there any other way besides a migration tool like Quest that could
circumvent this policy and allow blank passwords?
Thanks
2006-09-06, 11:32:05
The information contained in this e-mail message and any attachments may
be privileged and confidential. If the reader of this message is not the
intended recipient or an agent responsible for delivering it to the
intended recipient, you are hereby notified that any review,
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please
notify the sender immediately by replying to this e-mail and delete the
message and any attachments from your computer.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
