Forbidden Passwords-Group Policy

Status
Not open for further replies.

Streetcone

IS-IT--Management
May 12, 2004
15
US
Hello,
I have a daunting task: recently I inherited a domain and network of almost 200 users. Some of these people have had the same password for 10 years. And I do mean *the same* password. Does anybody know a way to keep any users from using a particular word or part of that word in the password?
For example: if the company name is pepsi and everybody uses pepsi as a password, that's bad. I don't want pepsi in anybody's password at all.
I know that I can enforce strong passwords, etc., but for these users... I am trying baby steps.

Thanks.
 
I suggest setting the password length to always be n+1 symbols long, where n is the length of the 'suspected word'. Or you can assign them a password you want and then disable their ability to change it until the moment the system asks them to do it.
 
Hi PorkChop and SquaredNull,
I will probably end up using a combination of your suggestions. It's always fun dealing with users who don't understand the dangers of their behavior until it's too late.
Thanks for your help!
 
Just bear in mind Admin vs. Security.

Does it matter that all of production share the same password, since they don't get internet access or can only access one folder on the entire network?

Someone's had the same password for 10 years? This may be an issue if they have remote access or something, but if not, then is it that big a deal?

I'd advise you don't activate complex passwords, as I imagine they will be Password1! then Password2! etc., and you'll have the calls: "What's my password?", "I've locked my account again 'cos my caps lock wasn't on", etc.

Don't get me wrong, I run a policy of age 45 days and the users are forced to change (with warnings at 30 days), using forced complex passwords of 7+ characters with account locking after 5 incorrect attempts for 10 minutes, but this is really for remote users where hackers will attempt brute force attacks.

Only you can look at your network and say I need THIS level of security.

Iain
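
The check the original question asks for, sketched as an added example (not code from any poster, and not a Group Policy setting): it flags a password that contains a forbidden word, or a fragment of it, after undoing case changes and look-alike substitutions, and shows beside it that a length-only rule of n+1 characters still accepts `pepsi1`. The substitution map, function names and sample passwords are constructed for illustration.

```python
import re

# Constructed map of common look-alike characters back to letters.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(text):
    """Case-fold, undo look-alike substitutions, then drop non-letters."""
    folded = text.casefold().translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", folded)

def find_forbidden(password, forbidden_words, min_fragment=4):
    """Return the forbidden word or fragment found in password, else None.

    A fragment is any run of at least min_fragment letters taken from a
    forbidden word ("part of that word" in the question). Longest runs
    are tried first, so a whole-word hit is reported as the whole word.
    """
    candidate = normalize(password)
    for word in forbidden_words:
        w = normalize(word)
        if not w:
            continue  # nothing left to match after normalization
        shortest = min(max(min_fragment, 1), len(w))
        for size in range(len(w), shortest - 1, -1):
            for start in range(len(w) - size + 1):
                fragment = w[start:start + size]
                if fragment in candidate:
                    return fragment
    return None

def length_rule_only(password, word):
    """The 'n+1 symbols' rule suggested in the thread, on its own."""
    return len(password) >= len(word) + 1

if __name__ == "__main__":
    forbidden = ["pepsi"]  # the example word from the question
    # Constructed sample passwords.
    for pw in ["pepsi1", "P3p$1-2004", "Epsilon-42", "Correct-Horse-7"]:
        hit = find_forbidden(pw, forbidden)
        print(f"{pw!r}: length rule passes={length_rule_only(pw, 'pepsi')}, "
              f"forbidden match={hit!r}")
```

`Epsilon-42` is rejected because it contains the fragment `epsi`; raising `min_fragment` trades that kind of false positive against missing partial reuse of the word.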

 