Password Policy effects on Admins

Tags:
Security
In Win NT and Win 2K, if password complexity was enforced, an admin could still by-pass that by setting a simpler password via User Manager or ADUC. However, in Windows Server 2003, it appears that even an admin must comply with the policy when setting a new password. Is this in fact true? If so, is there a means to by-pass this and set simpler passwords for specific accounts?

Answer Wiki


1st answer is No, NOR should there be means to bypass security on the most important account of all. However, anything group policy can set, can be changed at the object level. Use the resultant set of policies tool (mmc plugin) and see where you can change one user without changing all.
Good luck.

Discuss This Question: 6  Replies

  • ShawnHarbert
    Password policies are Domain specific and apply to ALL users within that domain. If you want to make an easier password policy for your admins, then I suggest you use Pass Phrases and NOT shorten or make simpler the passwords to accounts that hold the "keys" to your network. However, if you're really stuck on wanting simpler passwords, stand up another domain in your Forest, move all of your admins to that domain, and manage the original domain with accounts from your new domain (this is NOT the suggested alternative!).
  • Stuffedmoose
    The idea here is "security". Shorter simpler passwords mean you are more vulnerable. No, the complexity restriction cannot be by-passed and it shouldn't be. If you can think up a shorter easier password, so can a brute-force hacker. Would you really want that to happen? Probably not.
  • MsITSec
    And don't forget what the auditors will have to say about it. Not only is security first and foremost on our minds, but now there is the big 'C' Compliance.
  • SecGeek
    This gets to the heart of why most people that call themselves security aren't. They are in fact an ethical embarrassment to the profession of Security officer. The thought that the law doesn't apply to the sheriff is unconscionable and the true reason that Microsoft has never designed a good security system. Administrative ID's should be changed more often than regular users and should be held to higher password standards than regular users. Please don't ever embarrass the title of Security with such questions ever again. Peace
  • Jimcusson
    Keep the complexity but use it to create easier to remember passwords. As someone else said, use passphrases. el2g2tm! is easy to remember when it translates into Everybody Loves 2 Go 2 The Movies! The auditors will love the "strong" password, it's 8 characters and uses both numbers and special characters. For the user, it's easy to remember.
  • SecGeek
    I just want to apologize for the tone of the first reply I sent. I feel very strongly that all administration ID's and functions should be audited and secured in a way that it can be independently proven that those ID's were not used in a crime. I take Security very seriously and sometimes it shows. Peace
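
The complexity rule the thread keeps returning to can be checked offline before a password is ever submitted. This is an added example, not part of the original thread: a simplified Python sketch of the "Password must meet complexity requirements" setting as Microsoft documents it (three of five character categories, no account name or display-name token of three or more characters). The function names, the sample account `admin` / `Site Administrator` and the minimum length of 8 are assumptions made for illustration.

```python
import re

# Special characters as listed in Microsoft's documentation for the setting.
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")
# Delimiters used to split the display name into tokens.
DELIMS = r"[,.\-_ #\t]+"


def char_categories(password):
    """Return the character categories present in the password."""
    cats = set()
    for ch in password:
        if ch in "0123456789":
            cats.add("digit")
        elif ch.isupper():
            cats.add("upper")
        elif ch.islower():
            cats.add("lower")
        elif ch.isalpha():
            cats.add("other_alpha")  # alphabetic but caseless
        elif ch in SPECIALS:
            cats.add("special")
    return cats


def violations(password, sam_account_name, display_name="", min_length=0):
    """List the reasons the complexity filter would reject the password."""
    problems = []
    if len(password) < min_length:  # separate "Minimum password length" setting
        problems.append("too short")
    if len(char_categories(password)) < 3:
        problems.append("fewer than 3 character categories")
    lowered = password.lower()
    if len(sam_account_name) >= 3 and sam_account_name.lower() in lowered:
        problems.append("contains account name")
    for token in re.split(DELIMS, display_name):
        if len(token) >= 3 and token.lower() in lowered:
            problems.append("contains display-name token: " + token)
    return problems


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ("el2g2tm!", "password", "Admin2024!"):
        print(candidate, violations(candidate, "admin", "Site Administrator", 8))
```

The filter only inspects character classes and name overlap; it does not consult dictionaries or breach lists, so it measures compliance with the policy rather than resistance to guessing.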