Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

checking for password complexity

Status
Not open for further replies.

PPettit

IS-IT--Management
Sep 13, 2003
511
US
Is there a way to check user passwords for complexity?

I recently enabled the "Passwords must meet complexity requirements" policy setting and want to make sure that all of the existing user accounts have been changed. I don't really need or want to know the actual password. I just want to know which accounts do not meet the complexity requirements.
 
look for a program that microsoft have produced that checks your server for security issues/lock down it tells you how many accounts do not meet what ure looking for sorry dont have the link

I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
Heads :)
 
Are you thinking of the "Baseline Security Analyzer"? I've tried it but it doesn't check what I want it to check. It just looks for "weak" passwords.

This is what it checks for:
Password is blank.
Password is the same as the user account name.
Password is the same as the machine name.
Password uses the word "password."
Password uses the word "admin" or "administrator."
This check also notifies you of any accounts that have been disabled or are currently locked out.

I want to make sure that the passwords conform to the complexity requirements I've set.
 
Force all the users to change there password. The next time they log on they will be force to change there password, and it will require a strong password. This way you can be sure that all passwords are strong.

Denny

--Anything is possible. All it takes is a little research. (Me)

[noevil]
(My very old site)
 
Force all the users to change there password. The next time they log on they will be force to change there password, and it will require a strong password. This way you can be sure that all passwords are strong.

I'm not sure if there is something to check for strong passwords, as it would have to brute force every users password in order to find out if it was strong or not.

Denny

--Anything is possible. All it takes is a little research. (Me)

[noevil]
(My very old site)
 

I've used, and highly recommend Symantec's LC5. There are many open source and freeware utilities for cracking password hashs, but with my company's passwords I will only trust a reputable company that can give some assurances.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top