win 2000 password problem

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hello. I have a question on passwords. Microsoft technet articles say Windows 2000 maximum password length is 127 characters. In compmgmt.msc, under Local Users and Groups, I have been able to create/enter passwords up to 253 characters, without error from Windows. However, if password created is greater than 127 characters, the password does not work; that is, user not able to log on. Is this because of LANMan hash error or other reason?

Would this also be a way to disable local Admin accounts on domain PCs? I have tried to checking "disable" account on local Admin accounts, but still can log in using password, even when local Admin account has been "disabled". So, maybe 128 - 253 character password would work?

Thank you for your help. Best wishes,

Kahlib
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

The built in administrator account can not be disabled in W2K. I don't know
about the password thing, but you might consider giving the built in
administrators account deny access right to logon locally and access this
computer from the network also as a way to restrict access by that account. ---
Steve


"Kahlib" <Kahlib@discussions.microsoft.com> wrote in message
news:16F005FD-A626-4A10-A713-1B835706D8B3@microsoft.com...
> Hello. I have a question on passwords. Microsoft technet articles say
Windows 2000 maximum password length is 127 characters. In compmgmt.msc, under
Local Users and Groups, I have been able to create/enter passwords up to 253
characters, without error from Windows. However, if password created is greater
than 127 characters, the password does not work; that is, user not able to log
on. Is this because of LANMan hash error or other reason?
>
> Would this also be a way to disable local Admin accounts on domain PCs? I
have tried to checking "disable" account on local Admin accounts, but still can
log in using password, even when local Admin account has been "disabled". So,
maybe 128 - 253 character password would work?
>
> Thank you for your help. Best wishes,
>
> Kahlib
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Thank you Steve. I can include your suggestions in my GPs, so that sounds good. So far no one seems to know about the password question. Thank you for your time,

Kahlib

"Steven Umbach" wrote:

> The built in administrator account can not be disabled in W2K. I don't know
> about the password thing, but you might consider giving the built in
> administrators account deny access right to logon locally and access this
> computer from the network also as a way to restrict access by that account. ---
> Steve
>
>
> "Kahlib" <Kahlib@discussions.microsoft.com> wrote in message
> news:16F005FD-A626-4A10-A713-1B835706D8B3@microsoft.com...
> > Hello. I have a question on passwords. Microsoft technet articles say
> Windows 2000 maximum password length is 127 characters. In compmgmt.msc, under
> Local Users and Groups, I have been able to create/enter passwords up to 253
> characters, without error from Windows. However, if password created is greater
> than 127 characters, the password does not work; that is, user not able to log
> on. Is this because of LANMan hash error or other reason?
> >
> > Would this also be a way to disable local Admin accounts on domain PCs? I
> have tried to checking "disable" account on local Admin accounts, but still can
> log in using password, even when local Admin account has been "disabled". So,
> maybe 128 - 253 character password would work?
> >
> > Thank you for your help. Best wishes,
> >
> > Kahlib
>
>
>