Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: John Morello (jmorelloMICROSOFT.COM)
Date: Wed Jan 03 2001 - 12:21:43 CST
-----BEGIN PGP SIGNED MESSAGE-----
Actually, you can do it via ADSI and IIS. A pretty good article
explaining how to do this is available at
- -----Original Message-----
From: Adrian Beauchamp [mailto:adrianbeauchampCS.COM]
Sent: Wednesday, January 03, 2001 5:35 AM
Subject: setting a password policy for NT remote logon users
We have a situation as follows:
All servers involved are (still) NT4SP6a (plus IIS 4 as required).
are mixed Windows breeds, but all able to join an NT domain.
We have users requiring access to change content on web servers in a
different domain from the one the log into each morning.
There is no trust relationship between the domains, and none is
Up till now, this has worked as follows. The users get a domain
the 2nd domain they need to work in. Its possible to change content
a) map a network drive to a machine where they are part of a group
the access they need. authenticate using the domain account from the
b) create a connection to an FTP server where authenticated users
domain accounts have the ability to write to specific directories.
scripts or Siteserver to redistribute the data from the FTP server to
There is a major problem with this scheme. As I understand it, there
way that these users are able to change thier passwords in the number
domain. This means its impossible to set a password policy that makes
kind of sense at all. How can I expire passwords every 30 days when
would mean I would have manually pick and reset the passwords myself
then distribute all the new passwords by some secure method to the
No - the remote users need to be able to pick and set there own
and I need to be able to enforce a password policy that wont make us
I have the feeling I am not making some connection that would allow
solve this problem using existing tools...
Having a flawed password scheme means that all other security
This is an issue I am sure many admins have been confronted with in
or another - any ideas?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----