Security Basics mailing list archives

Re[2]: user default password checking tool

From: Roman Shirokov <insecure () yandex ru>
Date: Sat, 16 Sep 2006 17:51:10 +0400

Hello Allan,

Friday, September 15, 2006, 11:40:11 PM, you wrote:

To come at the problem from an oblique, the password age utility
(http://www.systemtools.com/free.htm) can tell you the number of days
since their last password change.

Match that against maximum password age duration and you'll learn who
hasn't been changing their passwords.

On 9/14/06, vijay shetti <vijay.shetti () gmail com> wrote:

hello all!!

In my company when we create a new user he is given an initial
password.But then he is told to change the password.The password is
initial of the employee name followed by 123..
for vijay shetti it willl be vs123...

We have a domain based environment.I want to check now how many users
have not changed their initial password using some tool that gives me
list of usernames whose password has 123 in the end.


We follow the same procedure for creating outlook mail password.If
there is any tool/script that also helps me find out this then it will
greatly help me.


Waiting for your reply,
Pavan.


Hi folks

Pavan, why you don't use such thing as "User must change password at
the next log on" from Active directory. This way you can be sure that
password is changed.


-- 

 Roman Shirokov
 e-mail: insecure () yandex ru
 http://securitybox.org.ru



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

user default password checking tool vijay shetti (Sep 15)
- Re: user default password checking tool Daniel DeLeo (Sep 15)
- Re: user default password checking tool Allan Seyberth (Sep 15)
  - RE: user default password checking tool Cote, Marc J. (Sep 18)
  - Re[2]: user default password checking tool Roman Shirokov (Sep 18)
  - Re: user default password checking tool badz (Sep 18)
  - RE: user default password checking tool Dixon, Wayne (Sep 18)
- Re: user default password checking tool Raoul Armfield (Sep 18)
- RE: user default password checking tool Greg Jones (Sep 18)
- Re: user default password checking tool PCSC Information Services (Sep 18)
- Re: user default password checking tool Josh Parker (Sep 22)
  - Re: user default password checking tool Alexander Bolante (Sep 25)
    - Re: user default password checking tool Terry Lowery (Sep 26)
    - Re: user default password checking tool Machiavel (Sep 27)
    - Re: user default password checking tool Terry Lowery (Sep 27)

(Thread continues...)