Tuesday, May 16, 2006

Domain Account Policy Password Settings

If you ever have an organization with multiple password complexity requirements, definitely consider a third-party tool to handle the job for you. I came across a domain setup recently where the password and lockout policy had been set, but there was a select group of restricted users with a no-password requirement.

*Note, do not set up a policy without password restrictions/requirements.

The problem with this is that one is able to set only one password policy for the entire domain. So, short of a third-party utility or another domain, here is what I did as a workaround.

First, make sure you have documented the policy before making adjustments.

Temporarily disable the password policy (do this out of hours) by setting minimum lengths, durations, etc. to zero. If you simply disable the policy, the previous setting will remain in effect, and you will be unable to adjust users' passwords in the interim. Now that this is done, you are able to set zero-length passwords for your select group of restricted users. Once this is done, return the password policy settings to what they were.

As an alternative (yet equally insecure) for accessibility, the machine can be set to log on automatically through the registry. This solution is good for users who only use one device that nobody else will (such as a communication aid/talker). Remember though, the password gets stored in plain text, which is a big no-no.

*Edit the registry solely at your own risk!

Go to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

1) Add a Value called DefaultPassword
2) Make the data type REG_SZ
3) Type in the user password in the string editor
4) Add another Value called AutoAdminLogon
5) Data type as REG_SZ
6) Set the value to 1
7) Set the ForceAutoLogon value to 1

When you restart the machine, you should be automatically logged in to the default domain.
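To find machines configured this way during an audit, the check below reads the same Winlogon key and reports the autologon values without printing the stored password. It is an added example, not part of the original post; the function name Get-AutoLogonFindings and the sample account values are assumptions made for illustration.

```powershell
# Added example: audit the Winlogon autologon values set in the steps above.
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonFindings {
    param(
        # Object carrying the Winlogon values; defaults to the live registry key.
        $Values = (Get-ItemProperty -Path $WinlogonPath)
    )

    $findings = @()

    # Values are REG_SZ, so compare as strings.
    if ([string]$Values.AutoAdminLogon -eq '1') {
        $account = "$($Values.DefaultDomainName)\$($Values.DefaultUserName)"
        $findings += "AutoAdminLogon is 1: automatic logon as '$account'"
    }

    if ($null -ne $Values.DefaultPassword) {
        # Report presence and length only; never echo the secret into logs.
        $length = ([string]$Values.DefaultPassword).Length
        $findings += "DefaultPassword is stored in plain text (length $length)"
    }

    if ([string]$Values.ForceAutoLogon -eq '1') {
        $findings += 'ForceAutoLogon is 1'
    }

    return $findings
}

# Constructed sample mirroring the seven steps above (not real data).
$sample = [pscustomobject]@{
    DefaultDomainName = 'EXAMPLE'
    DefaultUserName   = 'talker01'
    DefaultPassword   = 'constructed-value'
    AutoAdminLogon    = '1'
    ForceAutoLogon    = '1'
}
@(Get-AutoLogonFindings -Values $sample) | ForEach-Object { "[sample] $_" }

# Live check of the local machine (Windows only).
if (Test-Path $WinlogonPath) {
    @(Get-AutoLogonFindings) | ForEach-Object { "[live] $_" }
}
```

Any local user who can read this key can read DefaultPassword, so a finding here means the account's password should be treated as known to everyone with access to the machine.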