ShawnHarbert
0 pts. | Apr 5 2005 6:48PM GMT
Password policies are Domain specific and apply to ALL users within that domain. If you want to make an easier password policy for your admins, then I suggest you use Pass Phrases and NOT shorten or make simpler the passwords to accounts that hold the “keys” to your network. However, if you’re really stuck on wanting simpler passwords, stand up another domain in your Forest, move all of your admins to that domain, and manage the original domain with accounts from your new domain (this is NOT the suggested alternative!).
stuffedmoose
0 pts. | Apr 6 2005 7:46AM GMT
The idea here is “security”. Shorter, simpler passwords mean you are more vulnerable. No, the complexity restriction cannot be by-passed and it shouldn’t be. If you can think up a shorter easier password, so can a brute-force hacker. Would you really want that to happen? Probably not.
MsITSec
0 pts. | Apr 6 2005 8:37AM GMT
And don’t forget what the auditors will have to say about it. Not only is security first and foremost on our minds, but now there is the big ‘C’: Compliance.
secGeek
0 pts. | Apr 6 2005 9:21AM GMT
This gets to the heart of why most people that call themselves security aren’t. They are in fact an ethical embarrassment to the profession of Security officer. The thought that the law doesn’t apply to the sheriff is unconscionable and the true reason that Microsoft has never designed a good security system.
Administrative ID’s should be changed more often than regular users and should be held to higher password standards than regular users. Please don’t ever embarrass the title of Security with such questions ever again.
Peace
jimcusson
0 pts. | Apr 6 2005 10:15AM GMT
Keep the complexity but use it to create easier to remember passwords. As someone else said, use passphrases.
el2g2tm! is easy to remember when it translates into Everybody Loves 2 Go 2 The Movies! The auditors will love the “strong” password, it’s 8 characters and uses both numbers and special characters. For the user, it’s easy to remember.
secGeek
0 pts. | Apr 7 2005 11:59AM GMT
I just want to apologize for the tone of the first reply I sent. I feel very strongly that all administration ID’s and functions should be audited and secured in a way that it can be independently proven that those ID’s were not used in a crime. I take Security very seriously and sometimes it shows.
Peace






