Focus on Microsoft
RE: How to /password policy on Windows 2003 Aug 25 2009 05:50PM
Rivest, Philippe (PRivest transforce ca) (1 replies)
Well first off, I would sadly say it depends a lot on your company and how
they view security, which requirements you have (legal and business).

Let's say you have a financial server (the 2k3 box) that will transfer
customers' information for credit, maybe PCI needs to be applied. You need to
know this kind of thing first.

Also, maybe this server has a higher security requirement than another (you
don't specify). So if your normal password policy states 6 chars long for a
password, maybe you would want to go to 8-10 for this one if it's more
critical.

I would also make sure your local admins can't bypass the policy, maybe push
it through AD if you have it and they don't have AD access? Putting it locally
and giving them local admin is not serious enough for a critical server. So
I would say in "Domain Policy" under admin tools in Windows.

Password policy should come from the top (management, higher than Director)
and be applied to everyone and everything. It should be clear and short. 1
page max for a password policy should be more than enough.
- All passwords should be at least 8 characters long
- All passwords should expire after 45 days
- All passwords need to be complex (INSERT definition..)
...
Have the policy signed (*approved*) by upper management and then applied to
the 2k3 box.

Side note, the sentence with "loose" I didn't understand it too much. But I
would also suggest limiting local admin access to a very few IT employees.
If they don't need it don't give it, all this has to be approved (as we all
know).

Hope I was on your topic, if not sorry :)

Philippe Rivest - CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Verificateur interne - Securite de l'information

8585 Trans-Canada Highway, Suite 300
Saint-Laurent (Quebec) H4S 1Z6
Tel.: 514-331-4417
Fax: 514-856-7541

http://www.transforce.ca/

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
behalf of pent 5971
Sent: August 21, 2009 08:14
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: How to /password policy on Windows 2003

Any ideas/best practices?

Regards

2009/8/20, pent 5971 <pent5971 (at) gmail (dot) com [email concealed]>:
> Hi,
> I have an important Windows 2003 box which we are using only an admin
> account actively. I also need to set a password policy (I have some
> requirements) on this box and don't loose the admin account access. How
> can I do this password policy?
>
> Regards
>
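
As an added example (not part of the original messages and not Microsoft tooling), the Python sketch below checks the `[System Access]` section of a `secedit /export /cfg policy.inf /areas SECURITYPOLICY` file against the three example rules listed in the reply above. The sample export is constructed, the mapping of "complex" to `PasswordComplexity = 1` is an assumption, and so is treating a `MaximumPasswordAge` of 0 or less as "never expires".

```python
import configparser

# Baseline from the three policy bullets in the reply; "complex" is mapped
# to the PasswordComplexity switch (assumption, the post leaves it open).
BASELINE = {
    "MinimumPasswordLength": ("min", 8),
    "MaximumPasswordAge": ("max", 45),
    "PasswordComplexity": ("eq", 1),
}

# Constructed sample of a security policy export, not taken from a real host.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 90
MinimumPasswordLength = 6
PasswordComplexity = 0
[Version]
signature="$CHICAGO$"
"""

def audit(inf_text, baseline=BASELINE):
    """Return (setting, actual, problem) for every baseline rule not met."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the key case used in the export
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        return [("System Access", None, "section missing from export")]
    section = parser["System Access"]
    findings = []
    for key, (rule, wanted) in baseline.items():
        raw = section.get(key)
        if raw is None:
            findings.append((key, None, "not defined"))
            continue
        actual = int(raw.strip())
        if rule == "min" and actual < wanted:
            findings.append((key, actual, f"below minimum {wanted}"))
        elif rule == "max" and (actual <= 0 or actual > wanted):
            # values <= 0 are treated as "never expires" (assumption)
            findings.append((key, actual, f"exceeds maximum {wanted} days"))
        elif rule == "eq" and actual != wanted:
            findings.append((key, actual, f"expected {wanted}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```
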
Copyright 2010, SecurityFocus