Announcement

Collapse
No announcement yet.

Bypass complex PWs via AD MMC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Bypass complex PWs via AD MMC

    The previous company for which I worked allowed to reset domain passwords to anything, no restrictions when changing the passwords via MMC. At the desktop, users would always have to change the PW under the complex pw restrictions.

    How is this done? My current company the complex passwords are enforced via group policy.

    Thanks!
    Last edited by UKJoe; 31st December 2008, 19:41.

  • #2
    Re: Bypass complex PWs via AD MMC

    Why do you want to bypass complex password mechanism.
    You might violating the written security policy with this.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Bypass complex PWs via AD MMC

      This is done using the domain and local security policy. For the local policy to work, you need to have local workstation accounts, which imo shouldn't be allowed in a domain, but that's likely how they did it.

      You could script changing the local policy to enforce strong passwords and use GPO to allow for a weak domain password. Makes no sense to me but it's possible.

      To change the GPO look at the default domain policy and check under computer config -> windows settings -> security settings -> account policies -> password policy, password must meet complexity requirements.

      Again as mentioned it's not something you really should change. You're only opening yourself up by changing this because it allows for weak passwords.
      Andrew

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: Bypass complex PWs via AD MMC

        I thought about this after I posted. I think the workstation images\COE we had used local policies enforced for passwords. If we needed to change a pw for a user we could make it weak\simple and then they would be forced to change it to a complex pw when they logged in.

        I'm not sure how else it would have been done.

        Comment


        • #5
          Re: Bypass complex PWs via AD MMC

          A "complex" password can actually be very simple. From memory the requirements are a minimum number of characters and 3 from 4 of lower and upper case letters, numbers and symbols. This is by default of course, it may have been more strictly enforced.

          For example in many of the Microsoft MOC training courses the administrator password is set to [email protected] or some variation therof. Doing a reset to Password01 or something similar and enforcing a change at logon usually gets the job done. Enforcing the password history prevents the user from choosing Password02 or anything like that.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          sigpic
          Cruachan's Blog

          Comment


          • #6
            Re: Bypass complex PWs via AD MMC

            And what about Passphrases
            Although it's called a password, you also might use sentences. Spaces are allowed so...
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment

            Working...
            X