Solved

Reset user account to zero length password

Posted on 2011-03-23
6
1,015 Views
Last Modified: 2012-08-13
Hi,

We had an audit done on our AD infrastructure and the report has come back and has found some users that state that a few users can reset their password to a zero length password. So I had a look on the report and the users are not in the same OU. The domain policy is applying to all OU’s and is set to a minimal of 8 characters.  But somehow these 26 users password can be reset to a blank password. I have double checked the security on two different account and all checks out. Other account in the same OU’s cannot be changed to a blank password. as the domain policy states it has to be 8 and more I am out of answers and the auditors now would like some answers of which I have run out of.

Please advise
0
Comment
Question by:ablsysadmin
  • 3
  • 3
6 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 35199574
It's possible the users in question don't have read permissions on teh GPO that sets the password requirement.  That's worth looking into.

It's also possible the auditors tool is wrong.  Have you tried having one of the users in question actually set their password to nothing?
0
 

Author Comment

by:ablsysadmin
ID: 35204850
i will have a quick look into the read permissions but all authenticated users have read set?
i set the password on the dc to zero or blank. so the audit tool is picking it up correctly
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 35205636
As an administrator, you're immune (by default) to most GPOs.  So the question isn't "can an administrator assign a zero-length password?" - an administrator can do anything he or she wants.  The question is "can a user create a zero-length password for themselves?"
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:ablsysadmin
ID: 35205798
The GPO covers the users accounts. i have tested a few and i can not reset the password them to less then 8 as spec in the GPO. but these accounts i can
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 35206286
You might be able to garner some insight by going to a machine where one of these users is logged in and running an RSOP to determine how group policies are being applied.  

Again, it's possible for a user (or group of users or an OU) to be denied read permission to a policy, thereby excluding that policy from applying to them.
0
 

Author Closing Comment

by:ablsysadmin
ID: 35382393
a
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question