Security Basics mailing list archives
Re: Policy enforcement- Admin accounts
From: "Charles Hardin" <fonestorm () gmail com>
Date: Mon, 17 Dec 2007 11:34:40 -0500
Sadly with AD you can only have one account security policy per domain. You would need to make a second domain in your forest and move your admin accounts there. Also remember the actual Administrator account CANNOT be locked out. On Dec 15, 2007 11:32 AM, WALI <hkhasgiwale () gmail com> wrote:
In an active directory environment (windows 2003), I want to ensure lockout for administrator accounts also, in order to protect against attempts to brute force account password. The flipside is, we might have a DoS situation but I can live with it. Is there a tool I can deploy to ensure that admin account also locks out after certain no. of attemps? Also, ONLY for admin accounts, I want to enforce certain settings like: Password should contain atleast 15 characters, should not contain a dictionary word etc. My normal password policy for AD user accounts, set at the domain level is a minimum of 8 chars but I want to deploy this special policy of 15 chars minimum for admin accounts. How should I go about this?
Current thread:
- Information Security Charles Hardin (Dec 14)
- Re: Information Security Jamie Riden (Dec 14)
- <Possible follow-ups>
- Re: Information Security Matthew Webster (Dec 14)
- RE: Information Security Sheldon Malm (Dec 14)
- Policy enforcement- Admin accounts WALI (Dec 17)
- Re: Policy enforcement- Admin accounts Charles Hardin (Dec 17)
- RE: Policy enforcement- Admin accounts Ricky Kerby (Dec 17)
- Re: Policy enforcement- Admin accounts Paul J. Brickett (Dec 17)
- Message not available
- Re: Policy enforcement- Admin accounts Can DEGER (Dec 17)
- Re: Policy enforcement- Admin accounts Paul J. Brickett (Dec 17)
- Re: Policy enforcement- Admin accounts mgk.mailing (Dec 18)
- Re: Policy enforcement- Admin accounts Raoul Armfield (Dec 18)
- Re: Policy enforcement- Admin accounts MaddHatter (Dec 18)
- Re: Policy enforcement- Admin accounts Micheal Espinola Jr (Dec 18)
- Re: Policy enforcement- Admin accounts Charles Hardin (Dec 18)
- Re: Policy enforcement- Admin accounts mgk.mailing (Dec 18)