Security Risks on XPSP2 up to date

Belarc advisor Ver 7.0T suggested that some specific
changes to security policy at Password (length, minage,
complexity) be done in order to best avoid remote access by
'brute force attacks'. When carried out, the user cannot
change already issued password on the local pc. The system
says the password does not meet complexity guidelines when
it does.
The old on did not, however, which is why I wanted to
change it. The library or parm file needs to be revised so
the change will ignore the old password under the new
policy, and allow the new password to be set. I met or
exceeded the complexity with Upper case , lowercase, Special
characters and numbers all in the same pass. The only item I
could figure out is that the minimum days needed to be zero,
and the minimum length needed to be 0 as well (btw, this is
not a good practice).
Does Microsoft have any guidelines on the password settings
in policy?

Another issue. Need the guidelines on how to set up
performance logs (size, items logged, etc.) , as I want to
set up the trace log at least. Currently the agent needs a
separate Name and USER id/pass in order to implement the
function properly. There should be a way to start this on
the current user id (ka default).
--
Lester Stiefel
In Romans 1 there are qualities of Unregenerate man listed
which describe him in the last days.
Is your quality found on this list??

Password policy changes have no bearing on existing passwords - only when a
new password is created so I would double check the password requirements
and the minimum length in particular. You can use the command net accounts
to see effective password/account policy other than complexity. Microsoft
does give guidelines on password policy in the Threats and Countermeasures
Guide that is a free download. Offhand I don't know of any specific
recommendations for performance logs but the second link below shows many
Microsoft articles on that subject. --- Steve

http://www.microsoft.com/technet/sec...g/tcgch00.mspx
--- Threats and Countermeasures guide
http://search.microsoft.com/search/r...qn=&c=10 &s=0

"Lester Stiefel" wrote in message
news:RIIif.11767$F73.3122@trnddc03...
Belarc advisor Ver 7.0T suggested that some specific changes to security
policy at Password (length, minage, complexity) be done in order to best
avoid remote access by 'brute force attacks'. When carried out, the user
cannot change already issued password on the local pc. The system says the
password does not meet complexity guidelines when it does.
The old on did not, however, which is why I wanted to change it. The
library or parm file needs to be revised so the change will ignore the old
password under the new policy, and allow the new password to be set. I met
or exceeded the complexity with Upper case , lowercase, Special characters
and numbers all in the same pass. The only item I could figure out is that
the minimum days needed to be zero, and the minimum length needed to be 0
as well (btw, this is not a good practice).
Does Microsoft have any guidelines on the password settings in policy?

Another issue. Need the guidelines on how to set up performance logs
(size, items logged, etc.) , as I want to set up the trace log at least.
Currently the agent needs a separate Name and USER id/pass in order to
implement the function properly. There should be a way to start this on
the current user id (ka default).
--
Lester Stiefel
In Romans 1 there are qualities of Unregenerate man listed which describe
him in the last days.
Is your quality found on this list??