RESET Forums (homeservershow.com)

Trying out WHS2011 for first time


ziki

The only way I would bypass the Password Policy would be for an HTPC on the LAN. Create a special OU with a new Password Policy and drop the HTPCs and HTPC users in there.


That's an interesting use-case.

 

BTW, mostly what I've seen when admins alter the password policy is they make it stronger, usually by requiring longer passwords.


I think the default with WSE2012 is 12.

 

My strategy is as follows on a thirty day rotation. B@$ePassW0rd0313.....where the only thing that changes every thirty days are the last four numbers.

 

(That's not my real password....in case you are wondering.  But you get the idea)


Well, since I mostly want to use it locally I don't care about a strong password. Can people access my system remotely if they know this password? That would be the only thing to make a difference for me.


Ummmmmm, YES!!! You're an Admin and as long as they know that password, you are vulnerable. Now, you are not part of the low hanging fruit crowd, but your password is only as good as the complexity.

 

There are programs that run every word in the dictionary for password checkers.  As long as you don't use a standard word, you should be okay.


Well, since I mostly want to use it locally I don't care about a strong password. Can people access my system remotely if they know this password? That would be the only thing to make a difference for me.

 

The key word in your response is mostly. If you have any remote access to your server, or to any other computer on your LAN, you're vulnerable. 


  • 1 month later...

I'd also like to throw in there that password length should be in multiples of 7. So 7, 14, 21 characters. Password cracking tools break passwords up into 7 character blocks and work inwards from the outer two. Mostly. Also it's much better to start and finish seven character blocks with special characters. This makes them much harder to crack.

 

Years ago I used to work for a company where as a matter of routine we used to regularly crack users' passwords, testing them for strength, and then wrist slapping the users who had crappy passwords. If we could crack them in a couple of hours and then they didn't change it by the next crack they'd get a disciplinary note in their HR files. If they got too many of those they'd get walked. Bear in mind that this was a very tech savvy bunch of users who should have all known better, with the exception of the admin and some of the HR staff.

 

:)


a15457, I've got a question for you, if you know.

 

I've used software to crack plenty of passwords, and I understand a fair bit about encryption techniques. What I don't understand, and haven't been able to get a good answer to over the years, is exactly how does a cracking program know that it has cracked a password?

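Added example, not part of the thread: the routine password audit and the dictionary checkers mentioned above, and the question of how a tool knows a guess is right, all rest on one check. The server keeps a salted hash rather than the password, so an audit hashes each candidate with the same salt and parameters and compares the result. The account names, wordlist and PBKDF2 parameters below are constructed for illustration and are not the storage format Windows Home Server uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumed work factor for this sketch


def make_record(password):
    """What a server stores at enrolment: a salt and a hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def guess_matches(record, candidate):
    """Re-hash the candidate with the stored salt; equal digests mean a match."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(digest, record["hash"])


def audit(accounts, wordlist):
    """Return the sorted user names whose password appears in the wordlist."""
    flagged = []
    for user, record in accounts.items():
        if any(guess_matches(record, word) for word in wordlist):
            flagged.append(user)
    return sorted(flagged)


# Constructed sample data: one dictionary-word password, one random one.
ACCOUNTS = {
    "htpc": make_record("password"),
    "admin": make_record("x7#Lq!vR2m@Zp9"),
}
WORDLIST = ["letmein", "password", "qwerty", "dragon"]

if __name__ == "__main__":
    for user in audit(ACCOUNTS, WORDLIST):
        print(f"{user}: password is in the wordlist, require a change")
```
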
