Educause Security Discussion mailing list archives

Re: Active Directory Password Strength


From: "Stewart, Ian" <istewart () UMASSP EDU>
Date: Mon, 14 Nov 2005 13:44:54 -0500

AD passwords are applied by domain-level GPOs, as you probably know,
and include strong password enforcement as well as things like password
duration. If the applications that authenticate against AD are
ADSI-enabled I think they will get a warning and a chance to change
passwords, but if they do LDAP authentication I think you will need to
provide a means through scripting or by using an Identity Management
solution.

________________________________

From: Tim Howard [mailto:Timothy_G_Howard () RAYTHEON COM] 
Sent: Monday, November 14, 2005 1:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Active Directory Password Strength



Recommend you follow NIST guidelines: 

8 characters minimum 
combination of Upper and lower case alphas, numbers and special signs 
update your dictionary to reject obvious combinations of proper names,
names of local entities like sports teams, etc 

See 800-53, and 800-63, among others... 

http://csrc.nist.gov 





Raytheon
Tim Howard
Information Security Manager
Raytheon Information Solutions
301.943.4732 cell;      timothy_g_howard () raytheon com 



"Cary, Kim" <Kim.Cary () PEPPERDINE EDU> 

11/14/2005 01:13 PM
Please respond to: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
cc:
Subject: [SECURITY] Active Directory Password Strength

        




Does anyone have any product recommendations or rollout procedures
(technical) they could recommend for implementing Active Directory
password strength requirements?

Many (90%) of our users don't sign on to the domain, yet it controls
their authentication as the backend for several systems. This prevents
us from just turning on requirements and letting them be prompted by
their next domain sign-in session for a new password.

Thanks for any suggestions!

-- 
Kim Cary, Ed.D.
Infrastructure Security Administrator
Pepperdine University
310 506 6655 - M-F 7-4
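
An added example, not part of the original thread: a Python pre-check that a self-service password-change script for LDAP-only users could run, applying the three criteria listed in the reply above (minimum length, character classes, local dictionary). The function name, the blocklist terms, the username parameter and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample blocklist: proper names and local entities (assumed values).
LOCAL_TERMS = {"pepperdine", "wildcats", "password"}

# Assumed table that maps common character substitutions back to letters.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Character classes named in the thread's recommendation.
CLASSES = {
    "upper-case letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
    "number": r"[0-9]",
    "special sign": r"[^A-Za-z0-9]",
}


def check_password(candidate, username="", blocklist=LOCAL_TERMS, min_length=8):
    """Return a list of rule violations; an empty list means the candidate passes."""
    problems = []
    if len(candidate) < min_length:
        problems.append("shorter than %d characters" % min_length)
    for label, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append("missing " + label)
    # Compare two normalised forms so that "P@ssw0rd" still matches "password":
    # one with digits and signs dropped, one with substitutions undone first.
    lowered = candidate.lower()
    forms = {
        re.sub(r"[^a-z]", "", lowered),
        re.sub(r"[^a-z]", "", lowered.translate(LEET)),
    }
    terms = set(blocklist)
    if username:  # assumption: the account name is treated as a dictionary term
        terms.add(username.lower())
    for term in sorted(terms):
        # Ignore very short terms to avoid rejecting on accidental matches.
        if len(term) >= 4 and any(term in form for form in forms):
            problems.append("contains dictionary term '%s'" % term)
    return problems


if __name__ == "__main__":
    for sample in ("abc", "P@ssw0rd", "W1ldcats!2005", "Tr1cky-Maple-Ox9"):
        print(sample, "->", check_password(sample) or "ok")
```

The second and third samples satisfy the length and character-class rules and are rejected only by the dictionary step.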


