My question was rhetorical. Cheers Ken
________________________________ From: Raper, Jonathan [jra...@eaglemds.com] Sent: Wednesday, 29 April 2009 2:34 PM To: NT System Admin Issues Subject: RE: Password Policy - - how do you handle this? Walk over to them and slap them? :) Seriously… Under Global Security Group Policy… (you are using GPOs, right?1?) enforce minimum password age (which removes their right to change their password on demand more than once every X number of days), combined with…cannot repeat any of the last Y passwords, combined with password change required every Z days. Where X, Y, & Z are numbers that you choose to meet your internal security requirements. Just make sure that X is less than Z! Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA jra...@eaglemds.com<UrlBlockedError.aspx> www.eaglemds.com<UrlBlockedError.aspx> ________________________________ From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, April 28, 2009 11:59 PM To: NT System Admin Issues Subject: RE: Password Policy - - how do you handle this? How do you stop someone changing their password 5/10/20 times in a couple of minutes, so as to get back to their "preferred" password? Cheers Ken ________________________________ From: Micheal Espinola Jr [michealespin...@gmail.com] Sent: Wednesday, 29 April 2009 3:11 AM To: NT System Admin Issues Subject: Re: Password Policy - - how do you handle this? IMO the history is a lot more important than the min age. -- ME2 On Tue, Apr 28, 2009 at 12:14 PM, Louis, Joe <jlo...@guardianalarm.com<mailto:jlo...@guardianalarm.com>> wrote: Actually, it’s a good security. If used with history, a minimum age prevents users from changing passwords the history length to get their preferred password back. Ie. qwerty -> qwertu qwertu -> qwerty qwerty -> qwerto qwerto -> qwertp qwertp -> qwerty From: Micheal Espinola Jr [mailto:michealespin...@gmail.com<mailto:michealespin...@gmail.com>] Sent: Tuesday, April 28, 2009 11:50 AM To: NT System Admin Issues Subject: Re: Password Policy - - how do you handle this? What is the theory behind this password age? Other people I know don't wash after visiting the restroom. Just because I know or work with them doesn't mean I'd ever shake their hand. -- ME2 On Tue, Apr 28, 2009 at 11:39 AM, Jeremy Anderson <jer...@mapiadmin.net<mailto:jer...@mapiadmin.net>> wrote: The security guy is insisting that we set the Min Password Age to 1 day. I agree in theory that this is a swell idea, but in practice, I think it will be a disaster. We have users that forget their passwords every other day (Don’t ask) and company politics that are going to let this bad habit continue. Admins reset the password, and set the flag that says “Must change password on next logon” I say, that the user will never get prompted to reset the next time they login, or that changing it will fail, because the password is now less than one day old. Security guy says “Not having that set is a bad idea, other companies do it, make it happen” How do you guys deal with this? Thanks Jeremy ________________________________ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~