08 July 2013

Be careful with VMware SSO Master password bug

This week I installed a fresh vSphere 5.1 Update 1 environment and I wanted to configure it with real-world certificates to get rid of all those “Do you really really reeeeeally accept this insecure website” messages. Using the VMware SSL Certificate Automation Tool I generated all the new certificates and then started changing the certificate on the VMware SSO server. When doing this, you’ll be asked for the Master password. Since I learned a while ago in a very painful way that the Admin@System-domain password is not equal to... [Read more]
07 January 2013

Changing Password on Administrator Accounts - Performing an Audit

This article addresses a common task which many administrators have to address within their career as an IT professional - changing the password on a core administrator account. Scenario: It is well known that Administrators should always create dedicated service accounts with appropriate access to be used by network applications on a Microsoft network. However there is always a case of a lazy administrator in the past who could not be bothered to create dedicated service accounts so they use the default domain admin account... [Read more]
04 November 2012

Using the Account Lockout Feature in TMG 2010

A much needed feature was added in Service Pack 2 for Forefront TMG 2010. This great new feature gives you the ability to lock accounts on TMG at the local level before accounts are actually locked out in the domain. The account lockout feature, when used properly, will prevent TMG from trying to authenticate a user to a Domain Controller after the defined number of bad passwords has been attempted. In one of my previous blogs I talked about scenarios where TMG is being used as a reverse proxy and the Account Lockout Threshold has... [Read more]
04 November 2012

How To Find When A User Password Expires?

As an admin, how do we find out when a user’s password expires? It is easy to find, once you know the command. The one we need to run is Net User username /domain from the command prompt. It gives you more info than what you are looking for, but it has all the info about the password – when the password was changed, when it will expire, etc. --> Please see the rest on the blog: http://www.howexchangeworks.com/2012/11/how-to-find-when-a-user-password-expires.html
16 September 2012

Office 365 – Password Expiration Notifications in Outlook

The Microsoft Outlook team has released updates for Outlook 2010 and 2007 that provide Office 365 users with password expiration notifications. The advance password expiry notification will be displayed in a pop-up message (near the system clock) within a certain time period before their password actually expires. That time period is configurable by the tenant admin (see links below for more info). For users whose passwords have already expired, Outlook will flash an error message when users try to connect to their mailbox. In both... [Read more]
12 September 2012

Creating an AD user without knowing its initial password

That’s a tricky question. Every user we create in Active Directory requires an initial password that the user will use to connect for the first time. At this step, the user account can (and should) be configured to enforce a password change. From a security point of view there might be some problems with this initial password. It must be communicated to the end-user. If someone has access to the initial password and user identity, he can perform operations on behalf of someone else. To avoid such a situation, one solution can be to disable... [Read more]
11 June 2012

25 most-used passwords revealed: Is yours one of them?

Unfortunately, too many people are still relying on “password” as the key to their login information, based on a new report. After it was discovered that more than six million LinkedIn passwords had been leaked as well as many at Last.fm and eHarmony, no one has stopped talking about password and passcode security. That’s actually a good thing because it’s an incredibly important topic that many Internet users don’t take seriously. Case in point, take a look at this new report from IT security consultant Mark Burnett.... [Read more]
10 October 2011

A story about an AD password

A little story: I have been designing and troubleshooting Active Directory infrastructures for a few years now (to give an idea, I started with NT 4.0). You might think it has become routine, but no, there is always something to learn from each implementation or migration project. Changing the password in AD --> See it on the site: http://danstoncloud.com/blogs/simplebydesign/archive/2011/10/09/une-histoire-de-mot-de-passe-ad.aspx
11 February 2011

Stolen iPhone? Your passwords hacked in a few minutes

German researchers have shown that it was simple and fast to recover the passwords stored on an iPhone. This is publicity Apple would gladly have done without. IT security researchers from the Fraunhofer Institute showed in a study [PDF] that it was possible, and easy, to force the keychain, the firm's password management system. Including when the device running iOS is itself protected by a password. All in 6 minutes flat. To do this, the scientists... [Read more]
07 February 2011

Information security: even SMEs can be destabilized

Emmanuel Lehmann, a consultant and expert on security issues for businesses, explains why people will always be the weak link. Investment in security measures (firewalls, anti-virus solutions, encryption techniques, alarms, biometric devices…), as well as the formalization of security policies (management of passwords, profiles and access controls…), are essential elements of business security. --> The rest on the blog: ... [Read more]
