Comments on: What about PWD_NOT_REQD?? http://blog.joeware.net/2006/06/29/431/ Information about joeware mixed with wild and crazy opinions... Wed, 01 Sep 2010 22:02:17 +0000 hourly 1 http://wordpress.org/?v=3.0 By: joe http://blog.joeware.net/2006/06/29/431/comment-page-1/#comment-2545 joe Sat, 08 Jul 2006 14:14:32 +0000 http://blog.joeware.net/2006/06/29/431/#comment-2545 Matheesa: Correct, the issue is that there really are no excuses or cases where an account shouldn't have a password. Having that bit set allows something that shouldn't occur... The malicious use occurs if someone takes advantage of not having to have a password. Mike: Could you send me more detail about what you mean in an email? Matheesa:
Correct, the issue is that there really are no excuses or cases where an account shouldn’t have a password. Having that bit set allows something that shouldn’t occur… The malicious use occurs if someone takes advantage of not having to have a password.

Mike:
Could you send me more detail about what you mean in an email?

]]> By: Mike Kline http://blog.joeware.net/2006/06/29/431/comment-page-1/#comment-2540 Mike Kline Fri, 07 Jul 2006 13:37:26 +0000 http://blog.joeware.net/2006/06/29/431/#comment-2540 If we prestage computer accounts in a non Windows 2003 Functional level domain then will OldCmp not work because the pwdLastSet attribute is not populated. Interesting blog as usual. Thanks Mike If we prestage computer accounts in a non Windows 2003 Functional level domain then will OldCmp not work because the pwdLastSet attribute is not populated.

Interesting blog as usual.

Thanks
Mike

]]> By: matheesha http://blog.joeware.net/2006/06/29/431/comment-page-1/#comment-2536 matheesha Fri, 30 Jun 2006 21:22:49 +0000 http://blog.joeware.net/2006/06/29/431/#comment-2536 OK. I just re-read that. Basically its only an issue if the password is not set and the flag PWD-NOT-REQD is set. In that case, its a user account with a blank password. If a password is set, there is no issue. But as best practice the flag should not be used. OK. I just re-read that. Basically its only an issue if the password is not set and the flag PWD-NOT-REQD is set. In that case, its a user account with a blank password. If a password is set, there is no issue. But as best practice the flag should not be used.

]]> By: matheesha http://blog.joeware.net/2006/06/29/431/comment-page-1/#comment-2532 matheesha Fri, 30 Jun 2006 07:21:30 +0000 http://blog.joeware.net/2006/06/29/431/#comment-2532 Thanks for the explanation joe. Could you possibly elaborate on if and how it could be used by someone maliciously? Thanks M@ Thanks for the explanation joe. Could you possibly elaborate on if and how it could be used by someone maliciously?

Thanks

M@

]]> By: Steve Kelly http://blog.joeware.net/2006/06/29/431/comment-page-1/#comment-2530 Steve Kelly Fri, 30 Jun 2006 03:32:47 +0000 http://blog.joeware.net/2006/06/29/431/#comment-2530 When I look at our user accounts, most are set to this. I believe this is from the old NT 4 accounts that they were upgraded from. We do have a password policy. I am wondering how can I remove this flag from the user accounts? Thanks, Steve When I look at our user accounts, most are set to this. I believe this is from the old NT 4 accounts that they were upgraded from. We do have a password policy. I am wondering how can I remove this flag from the user accounts?

Thanks,

Steve

]]>