Security Basics mailing list archives
Re: user default password checking tool
From: PCSC Information Services <info () pcsage biz>
Date: Fri, 15 Sep 2006 15:17:10 -0400
Hello Pavan,The first problem to tackle in this respect is policy. Your organization needs
to adopt a password policy wherein passwords of a certain quality andcomplexity are mandated by IT policy mechanisms. In a windows environment you can set these policies using the security and configuration analysis snap-in.
This is the best way to ensure that the default pass is changed on first log-in,
and that passwords are routinely updated. You can also mandate that all passwords be changed at next log-on to ensure that any such passwords would be updated. See http://www.sans.org/resources/policies/Password_Policy.pdf for greatadvice with respect to passwords. I understand that this doesn't 'answer' your question, but in the main, adopting a policy with respect to password
will obviate the need to ask exactly this type of question. Good luck with the policies. Sincerely, Sean Swayze On 14-Sep-06, at 9:41 PM, vijay shetti wrote:
hello all!! In my company when we create a new user he is given an initial password.But then he is told to change the password.The password is initial of the employee name followed by 123.. for vijay shetti it willl be vs123... We have a domain based environment.I want to check now how many users have not changed their initial password using some tool that gives me list of usernames whose password has 123 in the end. We follow the same procedure for creating outlook mail password.If there is any tool/script that also helps me find out this then it will greatly help me. Waiting for your reply, Pavan.---------------------------------------------------------------------- -----This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.http://www.msia.norwich.edu/secfocus---------------------------------------------------------------------- -----
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- user default password checking tool vijay shetti (Sep 15)
- Re: user default password checking tool Daniel DeLeo (Sep 15)
- Re: user default password checking tool Allan Seyberth (Sep 15)
- RE: user default password checking tool Cote, Marc J. (Sep 18)
- Re[2]: user default password checking tool Roman Shirokov (Sep 18)
- Re: user default password checking tool badz (Sep 18)
- RE: user default password checking tool Dixon, Wayne (Sep 18)
- Re: user default password checking tool Raoul Armfield (Sep 18)
- RE: user default password checking tool Greg Jones (Sep 18)
- Re: user default password checking tool PCSC Information Services (Sep 18)
- Re: user default password checking tool Josh Parker (Sep 22)
- Re: user default password checking tool Alexander Bolante (Sep 25)
- Re: user default password checking tool Terry Lowery (Sep 26)
- Re: user default password checking tool Machiavel (Sep 27)
- Re: user default password checking tool Terry Lowery (Sep 27)
- Re: user default password checking tool Alexander Bolante (Sep 25)
- Re: user default password checking tool Mario A. Spinthiras (Sep 25)
- Re: user default password checking tool Ahmouda (Sep 29)
- <Possible follow-ups>
- RE: user default password checking tool Beauford, Jason (Sep 15)
- Re: user default password checking tool krymson (Sep 19)