Security Basics mailing list archives
Re: Re: Changing the domain password policy
From: "David Grant" <dpgrant () blueyonder co uk>
Date: Fri, 2 Feb 2007 23:55:48 -0000
You deal with the Service Account passwords by making them comply with your password policy.
A point to note - 1 domain 1 password policy.you can create as many different password policies as you like - the Domain Password Policy will be the one actually applied to all users.
----- Original Message ----- From: "Mike Devlin" <mdevlin () boston com>
Cc: <security-basics () lists securityfocus com> Sent: Friday, February 02, 2007 7:17 PM Subject: [Norton AntiSpam] Re: Changing the domain password policy
yes, you are right that if you change the password complexity requirements/minimum length, all the accounts that don't meet the new requirements are fine until their password expires or is forced to rotate. I suppose that if you wanted to be extra safe, you could make a policy just for the service accounts, and have a different set of password requirements for these accounts, and have the default domain policy have the stronger password complexity settings.- Mike Gary Collis wrote:Hi All,I wish to amend my windows domain policy to include passowrd complexity and minimum length. However I have a bunch of service accounts, of which I do not know all. These passswords are set in AD to not expire. Am I right in thinking that the changes to the domain password policy will not effect the accounts that have this attribute set in AD, until these passwords are actually changed?How do other people deal with service accounts and their adherence to domain password policys?Thanks,
Current thread:
- Changing the domain password policy Gary Collis (Feb 02)
- RE: Changing the domain password policy Huang, John, GCM (Feb 02)
- RE: Changing the domain password policy Roger A. Grimes (Feb 05)
- RE: Changing the domain password policy Scott Ramsdell (Feb 02)
- RE: Changing the domain password policy Roger A. Grimes (Feb 05)
- RE: Changing the domain password policy Depp, Dennis M. (Feb 02)
- Re: Changing the domain password policy Mike Devlin (Feb 02)
- Re: Re: Changing the domain password policy David Grant (Feb 05)
- Re: Changing the domain password policy Raoul Armfield (Feb 06)
- <Possible follow-ups>
- Re: Changing the domain password policy krymson (Feb 02)
- Re: Changing the domain password policy test (Feb 07)
- RE: Changing the domain password policy Huang, John, GCM (Feb 02)