Security Basics mailing list archives
RE: Policy enforcement- Admin accounts
From: "Ricky Kerby" <Rkerby () fbtonline com>
Date: Mon, 17 Dec 2007 11:38:16 -0600
Create a new OU and put your admin accounts in it, then remove the link for the Domain policy from the root. Then create a new GPO with the desired account settings and apply it to the OU with your admin accounts.

Ricky E. Kerby
Network Engineer/Data Security Officer
First Bank and Trust
Office: (504)-584-5943
Mobile: (504)-220-1631
Fax: (504)-620-1401
rkerby () fbtonline com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Charles Hardin
Sent: Monday, December 17, 2007 10:35 AM
To: WALI
Cc: security-basics () securityfocus com
Subject: Re: Policy enforcement- Admin accounts

Sadly with AD you can only have one account security policy per domain. You would need to make a second domain in your forest and move your admin accounts there. Also remember the actual Administrator account CANNOT be locked out.

On Dec 15, 2007 11:32 AM, WALI <hkhasgiwale () gmail com> wrote:
In an Active Directory environment (Windows 2003), I want to ensure lockout for administrator accounts also, in order to protect against attempts to brute force account password. The flipside is, we might have a DoS situation but I can live with it. Is there a tool I can deploy to ensure that admin account also locks out after certain no. of attempts?

Also, ONLY for admin accounts, I want to enforce certain settings like: Password should contain at least 15 characters, should not contain a dictionary word etc. My normal password policy for AD user accounts, set at the domain level is a minimum of 8 chars but I want to deploy this special policy of 15 chars minimum for admin accounts. How should I go about this?