Educause Security Discussion mailing list archives
Re: Active Directory Password Strength
From: "Cary, Kim" <Kim.Cary () PEPPERDINE EDU>
Date: Wed, 16 Nov 2005 08:31:26 -0800
Outstanding comment Russell -- locking out unused accounts is very helpful. The problem we've had in the past (NT4 Domain) is that some 'domain accounts' do not show up as having logged in (from the domain admins POV) because they never log in to the domain directly. They are quite active with LDAP binds, Exchange POP logins, etc. which are back ended to the domain. While the Domain 'bad attempt lockout' policy applies to these various logins, admins could not find a central place to see 'account activity'. Is there a central place under AD where you can find that a successful authentication has taken place from ANY client against the domain credentials? On 11/15/05 9:00 PM, "SECURITY automatic digest system" <LISTSERV () LISTSERV EDUCAUSE EDU> wrote:
Date: Wed, 16 Nov 2005 10:58:14 +1300 From: Russell Fulton <r.fulton () AUCKLAND AC NZ> Subject: Re: Active Directory Password Strength One thing I think is more important than frequent changes of password is to automatically disable accounts that have not been used for some extended period of time. There will need to be exceptions but for the most part disabling accounts that have not been used for 3 months is a good idea. Don't delete anything at this stage just disable the access.
Current thread:
- Active Directory Password Strength Cary, Kim (Nov 14)
- <Possible follow-ups>
- Re: Active Directory Password Strength Tim Howard (Nov 14)
- Re: Active Directory Password Strength Stewart, Ian (Nov 14)
- Re: Active Directory Password Strength Lucas, Bryan (Nov 14)
- Re: Active Directory Password Strength Bradley Ellis (Nov 14)
- Re: Active Directory Password Strength Graham Toal (Nov 15)
- Re: Active Directory Password Strength Russell Fulton (Nov 15)
- Re: Active Directory Password Strength Cary, Kim (Nov 16)
- Re: Active Directory Password Strength Graham Toal (Nov 16)
- Re: Active Directory Password Strength Eric Brewer (Nov 16)
- Re: Active Directory Password Strength Riedl, Steve Thomas (Nov 17)
- Re: Active Directory Password Strength Russell Fulton (Nov 25)