RE: user default password checking tool

["Cote, Marc J." <mjcote () terracon com>]

There is a dll available through MS in the Account Lockout and
Management Tools available
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4
E63-8629-B999ADDE0B9E&displaylang=en

The acctinfo.dll adds a tab to your AD account properties showing
additional information about the account, such as password age, etc.

Marc Cote
Mgr. of Network Services
Terracon Consultants Inc.
(913) 599-6886 x389


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Allan Seyberth
Sent: Friday, September 15, 2006 2:40 PM
To: security-basics () securityfocus com
Subject: Re: user default password checking tool

To come at the problem from an oblique, the password age utility
(http://www.systemtools.com/free.htm) can tell you the number of days
since their last password change.

Match that against maximum password age duration and you'll learn who
hasn't been changing their passwords.

On 9/14/06, vijay shetti <vijay.shetti () gmail com> wrote:
> hello all!!
>
> In my company when we create a new user he is given an initial
> password.But then he is told to change the password.The password is
> initial of the employee name followed by 123..
> for vijay shetti it willl be vs123...
>
> We have a domain based environment.I want to check now how many users
> have not changed their initial password using some tool that gives me
> list of usernames whose password has 123 in the end.
>
>
> We follow the same procedure for creating outlook mail password.If
> there is any tool/script that also helps me find out this then it will

> greatly help me.
>
>
> Waiting for your reply,
> Pavan.

------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---

Terracon is a dynamic and growing consulting firm of engineers and 
scientists
providing multiple related service lines to local, regional, and national 
clients.



--------------------------------------------------------


This electronic communication and its attachments are forwarded to you for 
convenience. If this electronic transmittal contains Design Information or 
Recommendations and not just general correspondence, Terracon Consultants, 
Inc., and/or its affiliates ("Terracon") will submit a follow-up hard copy 
via mail or delivery for your records, and this hard copy will serve as a 
final record. In the event of conflict between electronic and hard copy 
documents, the hard copy will govern. This e-mail and any attachments 
transmitted with it are the property of Terracon and may contain 
information that is confidential or otherwise protected from disclosure. 
The information it contains is intended solely for the use of the one to 
whom it is addressed, and any other recipient should destroy all copies.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------