Security Basics mailing list archives
RE: Policy enforcement- Admin accounts
From: "Scalcione.David" <SCALCIONED () YANB com>
Date: Mon, 17 Dec 2007 11:40:45 -0500
Create a group policy and apply it only to the security group and OU that contains all the admin users. David Scalcione -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of WALI Sent: Saturday, December 15, 2007 11:33 To: security-basics () securityfocus com Subject: Policy enforcement- Admin accounts In an active directory environment (windows 2003), I want to ensure lockout for administrator accounts also, in order to protect against attempts to brute force account password. The flipside is, we might have a DoS situation but I can live with it. Is there a tool I can deploy to ensure that admin account also locks out after certain no. of attemps? Also, ONLY for admin accounts, I want to enforce certain settings like: Password should contain atleast 15 characters, should not contain a dictionary word etc. My normal password policy for AD user accounts, set at the domain level is a minimum of 8 chars but I want to deploy this special policy of 15 chars minimum for admin accounts. How should I go about this? The information contained in this communication is confidential and privileged information intended only for the use of the individual or entity to which it is addressed. If you are not the addressee indicated in this message (or an agent responsible for delivery of the message to such person), you are hereby notified that you have received this communication in error and that any review, dissemination, copying, or any action or omission taken by you in reliance on it, is strictly prohibited. Please destroy this message and notify the sender immediately if you have received it in error. Please also advise immediately if you or your employer do not consent to e-mail communications. Opinions, conclusions and other information in this message that do not relate to the official business of Yardville National Bank shall be understood as neither given nor endorsed by it.
Current thread:
- Re: Policy enforcement- Admin accounts, (continued)
- Re: Policy enforcement- Admin accounts mgk.mailing (Dec 18)
- Re: Policy enforcement- Admin accounts Raoul Armfield (Dec 18)
- Re: Policy enforcement- Admin accounts MaddHatter (Dec 18)
- Re: Policy enforcement- Admin accounts Micheal Espinola Jr (Dec 18)
- Re: Policy enforcement- Admin accounts Charles Hardin (Dec 18)
- Re: Policy enforcement- Admin accounts mgk.mailing (Dec 18)
- Re: Policy enforcement- Admin accounts mgk.mailing (Dec 18)
- Re: Policy enforcement- Admin accounts Micheal Espinola Jr (Dec 18)
- RE: Policy enforcement- Admin accounts Can Deger (Dec 18)
- RE: Policy enforcement- Admin accounts Jesse Eaton (Dec 18)
- RE: Policy enforcement- Admin accounts Scalcione.David (Dec 17)
- Re: Policy enforcement- Admin accounts mgk.mailing (Dec 17)
- Discussing Microsoft Forefront security attempt WALI (Dec 24)
- RE: Policy enforcement- Admin accounts Jesse Eaton (Dec 17)