Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
nfire2016-01-20 08:09:27
Active Directory
nfire, 2016-01-20 08:09:27

Is it possible to set a list of "incorrect" passwords for AD users?

Actually a subject. Light up a list of the 100 most popular passwords and prohibit them from being set to enter AD.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
C
Cool Admin, 2016-01-20
@ifaustrue

It is forbidden.

Report
I
Ivan, 2016-01-20
@Amigo83

To do this, there is a policy of complexity and frequency of password changes.

Report
E
Eugene, 2016-01-20
@yellowmew

nfire , the complexity of passwords is purely an organizational issue.
as a rule, in a normally organized IT service, the technical support service is responsible for changing user passwords, and let the user reset his password at least 100 times a day, filling out, of course, a reset request in the prescribed manner.
This will only give management food for thought on the topic "is everything in order with this employee."
In the end, you can describe all the dangers to the management by demonstrating the company databases on the Internet (including email addresses, and this is an increase in incoming spam).
Well, rest on the fact that in this case it will be necessary to make one, completely powerless user at all, so as not to give anyone extended rights, since one password of an advanced user, in this case, will walk throughout the company and lead to virus infection (or launching programs that are not viruses, but greatly interfere with the work of both users and the network / servers).
In general, intimidate the authorities :D by connecting all your experience, imagination, and google.
The main thing is not to overdo it.
Oh yes, don’t forget to tell about personal photos from connected smartphones :D which will definitely be stolen and posted on the Internet

Report
O
other_letter, 2016-01-20
@other_letter

My experience shows that simple and frequent passwords in general do not correlate much with the top 100.
Usually this is a derivative from a name (Manyunechka004, anatoliy18) or something personal (spartak5, pelevin18).
The more complex the requirements after a certain edge, the higher the probability of writing on the sheets. If sanctions are applied to the leaves, then only a small percentage remembers the password, the rest replace the leaf with a note on the phone or simply write in a diary.
In general, personal opinion - a password of 8 characters and a change once a month, you can not alternate. Of course, this is not about responsible areas, but usually users understand better there (glevbukhs now seem to me smarter than 5-7 years ago).
In the long term - a two-factor.

Report
I
Ivan Bazaichenko, 2016-01-20
@Banzaii

https://technet.microsoft.com/en-us/library/cc7708... - it will also be useful about granular password policies.

Similar questions
D
Dm4k2012-11-08 12:11:40
32/64-bit drivers for print service from exe? 3Reply
D
Denis Sechin2015-12-21 16:15:41
How to correctly differentiate user rights? 2Reply
I
Ivan2018-05-06 00:54:31
Add users PCs from a group to a separate group? 1Reply
L
lysakov2015-12-27 11:20:05
Failed to install Active Directory domain controllers, how to add AD role? 2Reply
D
danykeep2015-12-28 11:32:43
How to restore a new WS 2012R2 domain after a failed migration? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question