Password Policy - Different Passwords
Hi, Does anybody know if there is an option to prevent different users from setting the same password for their logins?
August 23rd, 2012 7:22am

Hi Ivan, Thanks for posting in Microsoft TechNet forums. As far as I know, we cannot use Password Policies to prevent different users from setting the same password. We can use Password Policies to specify minimum password length, no blank passwords, maximum and minimum password age. It can also be used to prevent users from reusing passwords and ensure that they use specific characters in their passwords, making the passwords more difficult to crack. Here are two articles regarding enforcing Strong Password Policies. Hope they can be useful to you: Best Practices for Enforcing Password Policies http://technet.microsoft.com/en-us/magazine/ff741764.aspx Enforcing Strong Password Usage Throughout Your Organization http://technet.microsoft.com/en-us/library/cc875814.aspx Regards Kevin
Free Windows Admin Tool Kit Click here and download it now
August 23rd, 2012 11:52pm

Hi Ivan, Thanks for posting in Microsoft TechNet forums. As far as I know, we cannot use Password Policies to prevent different users from setting the same password. We can use Password Policies to specify minimum password length, no blank passwords, maximum and minimum password age. It can also be used to prevent users from reusing passwords and ensure that they use specific characters in their passwords, making the passwords more difficult to crack. Here are two articles regarding enforcing Strong Password Policies. Hope they can be useful to you: Best Practices for Enforcing Password Policies http://technet.microsoft.com/en-us/magazine/ff741764.aspx Enforcing Strong Password Usage Throughout Your Organization http://technet.microsoft.com/en-us/library/cc875814.aspx Regards Kevin
August 24th, 2012 12:00am

the only way would be to enforce this policy in a written manner, so that all your users agree they will not assign the same password for more different accounts - if they are using more accounts such as administrators. basically, from a security point of view - you should not notify users that there may be another account with the same password - you would just advise them to try a password attack on another account. in case of passwords set accidentially the same by different users, you can only do a post-audit - for example there is a tool called Cain & Abel that can obtain all password hashes from a DC and you would be able to verify whether there are two accounts that have the same password hash. But understand, that the tool is third-party, not supported, may have unpredictable stability results on the DC and some antivirus programs also report it as a hacker tool - so I would do the audit on a test DC clone in a virtual environment which would be completely separate from the rest of the network. There may also be other tools available for such an audit. ondrej.
Free Windows Admin Tool Kit Click here and download it now
August 26th, 2012 9:32am

the only way would be to enforce this policy in a written manner, so that all your users agree they will not assign the same password for more different accounts - if they are using more accounts such as administrators. basically, from a security point of view - you should not notify users that there may be another account with the same password - you would just advise them to try a password attack on another account. in case of passwords set accidentially the same by different users, you can only do a post-audit - for example there is a tool called Cain & Abel that can obtain all password hashes from a DC and you would be able to verify whether there are two accounts that have the same password hash. But understand, that the tool is third-party, not supported, may have unpredictable stability results on the DC and some antivirus programs also report it as a hacker tool - so I would do the audit on a test DC clone in a virtual environment which would be completely separate from the rest of the network. There may also be other tools available for such an audit. ondrej.
August 26th, 2012 9:36am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics