Security Basics mailing list archives
RE: Changing the domain password policy
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Fri, 2 Feb 2007 11:56:36 -0500
Gary, You are correct. The new requirements will be enforced at the next password change. Because service accounts are frequently set to not expire, ensure those passwords are long and complex, known to only who needs to know, and documented in the appropriate location. I always lumped my service accts into one OU. This OU was exempted from my script that toggled 'user must change password at next login'. This script was run when IT staff left. A good rule to remember when creating service accounts is that vendors lie, and their service accounts probably do not need domain admin rights. Best Regards, Scott Ramsdell -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gary Collis Sent: Thursday, February 01, 2007 2:47 PM To: security-basics () lists securityfocus com Subject: Changing the domain password policy Hi All, I wish to amend my windows domain policy to include passowrd complexity and minimum length. However I have a bunch of service accounts, of which I do not know all. These passswords are set in AD to not expire. Am I right in thinking that the changes to the domain password policy will not effect the accounts that have this attribute set in AD, until these passwords are actually changed? How do other people deal with service accounts and their adherence to domain password policys? Thanks,
Current thread:
- Changing the domain password policy Gary Collis (Feb 02)
- RE: Changing the domain password policy Huang, John, GCM (Feb 02)
- RE: Changing the domain password policy Roger A. Grimes (Feb 05)
- RE: Changing the domain password policy Scott Ramsdell (Feb 02)
- RE: Changing the domain password policy Roger A. Grimes (Feb 05)
- RE: Changing the domain password policy Depp, Dennis M. (Feb 02)
- Re: Changing the domain password policy Mike Devlin (Feb 02)
- Re: Re: Changing the domain password policy David Grant (Feb 05)
- Re: Changing the domain password policy Raoul Armfield (Feb 06)
- <Possible follow-ups>
- Re: Changing the domain password policy krymson (Feb 02)
- Re: Changing the domain password policy test (Feb 07)
- RE: Changing the domain password policy Huang, John, GCM (Feb 02)