Solved

AD Security

Posted on 2006-07-21
Last Modified: 2008-02-01
Where can we find this, and how can we deploy the following settings:

Setting                            Current     Recommended
minPwdAge (Days)                   0           1
DOMAIN_PASSWORD_NO_ANON_CHANGE     DISABLED    ENABLED
DOMAIN_PASSWORD_NO_CLEAR_CHANGE    DISABLED    ENABLED
DOMAIN_LOCKOUT_ADMINS              DISABLED    ENABLED

Thanks!
Question by:Nirmal Sharma

Accepted Solution

by:
Pber earned 250 total points
ID: 17153520
I only found one...

minPwdAge (Days):

Load the default domain policy GPO
Navigate to:
Computer configuration\Windows Settings\Security Settings\Password Policy
Change Minimum Password Age to 1

The rest appear to be additional password properties flags as per MSDN
http://windowssdk.msdn.microsoft.com/en-us/library/ms718417.aspx

Where did you get this recommendation?  Allowing the Domain admins account to be locked out could have bad effects.  A malicious user can just willingly lock out your admin account.



Assisted Solution

by:kshays
kshays earned 250 total points
ID: 17156523
Along with Pber, this can only be applied at the domain level.  The min password age is the number of days that is required before the user can change the password again.  It will keep the savvy people from changing the password over and over in the same day just so they can use their old one again.

As for locking out the admin account, auditing should be done to see if any attempts are made to log in using that account.  Simple measures of just renaming the admin account will discourage some people, but the really savvy guys can still find out which account is the admin or has admin privileges from the SID.

Download Group Policy Management Console or just go and edit the GPO by using group policies for the default domain policy.  I'm taking it you are not familiar with group policies, correct?

cheers
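
Added example, not part of the thread and not any poster's code: a read-only PowerShell check that decodes the domain's `pwdProperties` bit field and `minPwdAge` value and compares them with the four recommendations in the question. The bit values are the constants from the Windows SDK header `ntsecapi.h`; the enum name `DomainPwdFlags`, the function name `Test-DomainPasswordPolicy` and the sample input are assumptions made up for this illustration.

```powershell
# Bit values of the domain password-properties flags (Windows SDK, ntsecapi.h).
[Flags()] enum DomainPwdFlags {
    DOMAIN_PASSWORD_COMPLEX         = 0x01
    DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x02
    DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x04
    DOMAIN_LOCKOUT_ADMINS           = 0x08
    DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x10
    DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x20
}

# Hypothetical helper: compares raw attribute values with the question's recommendations.
function Test-DomainPasswordPolicy {
    param(
        [Parameter(Mandatory)][int]  $PwdPropertiesValue,  # raw pwdProperties attribute
        [Parameter(Mandatory)][long] $MinPwdAgeValue       # raw minPwdAge attribute
    )
    # AD stores password ages as negative 100-nanosecond intervals; 0 means no minimum age.
    $days = [TimeSpan]::FromTicks(-$MinPwdAgeValue).TotalDays
    [pscustomobject]@{
        Setting = 'minPwdAge (Days)'; Current = $days
        Recommended = 1; Compliant = ($days -ge 1)
    }
    # The three flags from the question, each recommended ENABLED.
    $wanted = 'DOMAIN_PASSWORD_NO_ANON_CHANGE',
              'DOMAIN_PASSWORD_NO_CLEAR_CHANGE',
              'DOMAIN_LOCKOUT_ADMINS'
    foreach ($name in $wanted) {
        $bit = [int][DomainPwdFlags]$name
        $isSet = ($PwdPropertiesValue -band $bit) -ne 0
        [pscustomobject]@{
            Setting = $name
            Current = $(if ($isSet) { 'ENABLED' } else { 'DISABLED' })
            Recommended = 'ENABLED'; Compliant = $isSet
        }
    }
}

# Constructed sample matching the "Current" column in the question:
# only the complexity bit set, minimum password age of 0.
Test-DomainPasswordPolicy -PwdPropertiesValue 0x01 -MinPwdAgeValue 0 | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# $d = Get-ADObject (Get-ADDomain).DistinguishedName -Properties pwdProperties, minPwdAge
# Test-DomainPasswordPolicy -PwdPropertiesValue $d.pwdProperties -MinPwdAgeValue $d.minPwdAge
```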