Focus on Microsoft
Re: How to /password policy on Windows 2003 Aug 21 2009 12:14PM
pent 5971 (pent5971 gmail com) (5 replies)
RE: How to /password policy on Windows 2003 Aug 26 2009 05:21PM
Kurt Dillard (kurtdillard msn com) (1 replies)
Vista Complete PC Backup coolness Aug 28 2009 07:49PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: Vista Complete PC Backup coolness Sep 02 2009 10:50PM
James D. Stallard (james leafgrove com) (1 replies)
RE: Vista Complete PC Backup coolness Sep 05 2009 06:50AM
Ken Schaefer (Ken adOpenStatic com)
Re: How to /password policy on Windows 2003 Aug 25 2009 07:03PM
Gerardo Castillo Alvarado (gecastillo edelca com ve)
hi,
This can be useful:

>
> General Recommendations for Account Lockout and Password Policy
> Settings
>
> In addition to the specific account lockout and password policy
> settings in the previous tables, there are some other configuration
> changes that may help you achieve the level of security that you want.
> These include:
>
> * When you enable account lockout, set the *ForceUnlockLogon*
> registry value to 1. This setting requires that Windows
> re-authenticates the user with a domain controller when that
> user unlocks a computer. This helps to ensure that a user cannot
> use a previously-cached password to unlock their computer after
> the account is locked out.
> * False lockouts can occur if you set the *LockoutThreshold*
> registry value to a value that is lower than the default value
> of 10. This is because users and programs can retry bad
> passwords frequently enough to lock out the user account. This
> adds to administrative costs.
> * After you unlock an account that is locked out, verify that the
> *LockoutDuration* value is set. You should do this because the
> value may have changed during the account unlock process.
> * Carefully consider setting the *LockoutDuration* registry value
> to 0. When you apply this setting, you may incur additional
> administrative labor by requiring administrators to manually
> unlock a locked out user account. Although this does increase
> security, the increased labor drawback may outweigh the security
> benefit.
> * Define account lockout and password policies once in every
> domain. Ensure that these policies are defined only in the
> default domain policy. This helps to avoid conflicting and
> unexpected policy settings.
> * Unlock an account from a computer that is in the same Active
> Directory site as the account. By unlocking the account in the
> local site, urgent replication occurs in that site which
> triggers immediate replication of the change. Because of this,
> the user account should be able to regain access to resources
> faster than waiting for replication to occur. Note that the
> AcctInfo.dll tool helps to identify an appropriate domain
> controller and unlock the account. For more information about
> AcctInfo.dll, see the "Account Lockout Tools" section in this
> document.
>

check this [1]. (see "Recommended Password Policy Settings")

[1] http://technet.microsoft.com/en-us/library/cc737614(WS.10).aspx

Best regards!

pent 5971 escribió:
> Any ideas/best practices?
>
> Regards
>
> 2009/8/20, pent 5971 <pent5971 (at) gmail (dot) com [email concealed]>:
>
>> Hi,
>> I have an important Windows 2003 box which we are using only a admin
>> account actively. I also need to set a password policy (i have some
>> requirements) on this box and dont loose the admin account acces. How
>> can i do this password policy?
>>
>> Regards
>>
>>
>
>

[ reply ]
Re: How to /password policy on Windows 2003 Aug 25 2009 07:01PM
Wim Remes (wremes gmail com)
RE: How to /password policy on Windows 2003 Aug 25 2009 05:50PM
Rivest, Philippe (PRivest transforce ca) (1 replies)
Re: How to /password policy on Windows 2003 Aug 26 2009 04:47AM
Kevin (rot_betruger sbcglobal net) (1 replies)
Re: How to /password policy on Windows 2003 Aug 26 2009 10:00PM
Ben Scott (mailvortex gmail com)
RE: How to /password policy on Windows 2003 Aug 25 2009 05:44PM
THOMAS, DEDRIC (ATTCLSMA) (dt7089 att com)


 

Privacy Statement
Copyright 2010, SecurityFocus