babaganoosh asked:

How can I tell what users haven't changed their password / still have weak passwords?

I set up users in SBS 2003 R2 with no password. I've since enabled a password policy. I don't want to allow access from the web yet for RWW and OWA, because not everyone has logged in and changed their passwords when in the office. Is there a way to see who hasn't met the policy / who still has a blank password? I'll manually change it to something that meets the policy and let them know what it is... or keep them from accessing the network via the web till they have a more secure password?
babaganoosh (ASKER):

If there's a blank / simple password, there's a bigger chance that someone could hack it. So if 2 of the 10 users still haven't logged in to change the blank password, I would change it myself and tell them how to change it to something they want... I don't want to put the server on the web with short passwords, right? The hacker would change it to something they would remember! :D
Chances of a hacker being interested are minimal. But better safe than sorry. Set the same password for all blank passwords and get them to change it ASAP.
If a hacker would change your password he wouldn't be much of a hacker? All you'd have to do as an admin is change the password again. Surely there are smarter ways.
Olaf
You're missing what I am saying... he wants to gain access. So a blank password is one of the first he'll try. So if it wants him to change the password, no big deal for him. Then he has access. Sure, I can change the password later. But the hacker got in already. I want to identify the accounts with weak passwords now, before the hackers find it / them.
I need to identify who still has the blank passwords. I don't want to change everyone. It's looking like I log in as each user trying a blank. If it works, I need to change it? There has to be an easier way!?

You are effectively trying to see other people's passwords. You'll need to use a third-party password program to do this.
You can also tick the box: user has to change password at next logon and set your password policy.
At least you know the passwords won't stay blank for long.
Olaf
I thought MBSA would do it, but on the SBS box, it says that it doesn't tell you about the passwords on a domain controller!
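
One way to approach the question in this thread without trying each login, added here as an example and not taken from any answer above: export each account's `pwdLastSet` and `userAccountControl` attributes and flag accounts whose password predates the day the policy was enabled, is marked "must change at next logon" (`pwdLastSet` of 0), or carries the `PASSWD_NOTREQD` flag. The LDIF sample, the domain and user names, and the policy date of 2008-06-01 are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

PASSWD_NOTREQD = 0x0020  # userAccountControl bit: account may have a blank password
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # pwdLastSet (FILETIME) epoch

# Constructed sample shaped like: ldifde -f users.ldf -r "(objectCategory=person)"
#   -l sAMAccountName,pwdLastSet,userAccountControl   (domain and users are made up)
SAMPLE_LDIF = """\
dn: CN=alice,OU=SBSUsers,DC=example,DC=local
sAMAccountName: alice
pwdLastSet: 128575296000000000
userAccountControl: 512

dn: CN=bob,OU=SBSUsers,DC=example,DC=local
sAMAccountName: bob
pwdLastSet: 128540736000000000
userAccountControl: 512

dn: CN=carol,OU=SBSUsers,DC=example,DC=local
sAMAccountName: carol
pwdLastSet: 0
userAccountControl: 544
"""

def parse_ldif(text):
    """Yield one attribute dict per blank-line-separated entry (simple, unfolded LDIF)."""
    for block in text.strip().split("\n\n"):
        entry = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if "sAMAccountName" in entry:
            yield entry

def audit(ldif_text, policy_enabled):
    """Map account name -> list of reasons it still needs a password change."""
    findings = {}
    for e in parse_ldif(ldif_text):
        pls, uac = int(e.get("pwdLastSet", 0)), int(e.get("userAccountControl", 0))
        reasons = []
        if pls == 0:  # never set by the user, or "must change at next logon" ticked
            reasons.append("must-change-at-next-logon")
        elif EPOCH_1601 + timedelta(microseconds=pls // 10) < policy_enabled:
            reasons.append("unchanged-since-policy")  # 100 ns ticks -> microseconds
        if uac & PASSWD_NOTREQD:
            reasons.append("password-not-required")
        if reasons:
            findings[e["sAMAccountName"]] = reasons
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, datetime(2008, 6, 1, tzinfo=timezone.utc)))
```

This does not read or test any password; it only shows which accounts have not set one since the policy took effect, which is the set to reset or keep off RWW and OWA.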