Shawn Martin wrote:
> I keep getting Error 1721 for local accounts I have on 2008 server
> (64-bit).
> I'm running the MBSA under a domain account that is an administrator of
> the
> server.
>
> The local account that keeps getting flagged by MBSA has a password of
> Wh$v9Jx^=b
>
> so I have no clue as to why it thinks that is a weak password. Any
> suggestions?
Too short?
Andrew
http://www.microsoft.com/protect/yourself/password/checker.mspx
"Shawn Martin" <Shawn...@discussions.microsoft.com> wrote in message
news:32E850DF-F6A2-4A9C...@microsoft.com...
Maybe a simple change like adding an additional number or special
character will suffice?
"Shawn Martin" <Shawn...@discussions.microsoft.com> wrote in message
news:1A4DD217-6FB6-4622...@microsoft.com...
"Shawn Martin" <Shawn...@discussions.microsoft.com> wrote in message
news:541627D3-B37E-4298...@microsoft.com...
If MBSA, and/or its dependencies, had been loaded into all local
servers from the same local and corrupted source, that could be the
answer.
Warm regards and good luck,
Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
Any other suggestions?
Sorry, fresh out.
There may be some additional clues here, but I can't say for sure.
Hello Shawn:
Do you ever remember this MBSA 2.1 version working OK in your shop?
If so, I'm wondering if a subsequent MS update has broken something?
Do you regularly run MBSA on a scheduled basis, or is it run on
special occasions?
Although "FTR" suggests a linkage to password strength, I'm guessing a
zero-length password is being mistakenly passed to MBSA for
evaluation, if indeed MBSA itself does the evaluation. But hey - I'm
just pulling this out of the air.
Warm regards Shawn,
On every server, I didn't have a previous version of MBSA installed.
The network team here wanted server administrators to run MBSA on
applications to ensure things like passwords are strong. The tools runs fine
on the 2003 servers, but throws the weak password error on the 2008 boxes.
The issue is definitely odd, so I'll set up another 2008 server from scratch
and see if it still happens.
**************************
I reviewed your files and have confirmed your issue to be the same as the
"known" issue. A Windows 2008 server fix will be announced when it is
released. No ETA is available.
While it is regrettable that in this instance we have been unable to provide
you with a requested solution at this time, we hope that your continued
partnership will allow us to work together through future challenges as they
may arise. As with each customer we work with, it is always our objective to
provide the very best supported software possible.
The case will be set to a decrement type of “non-decrement” and thus, will
NOT be charged against your Software Assurance agreement.
At this time, as there is no other escalation channel for this issue, I will
conclude this case today.
It was my pleasure working with you. Please let me know of any feedback
you would like to convey to us on your overall experience with Microsoft
ACTION:
=======
Customer is running MBSA.
RESULTS:
========
Customer is seeing "1721" errors on the MBSA scan results for weak passwords
when scanning on Win2008 machines.
CAUSE:
======
Design regression
RESOLUTION:
============
No workaround available at this time. Hotfix and/or SP to be released in
the future.
**************************
Well done Shawn.
"Shawn Martin" <Shawn...@discussions.microsoft.com> wrote in message
news:7F637276-4615-4F01...@microsoft.com...
Why? because the latter just has to be typed-in from a post-it attached to
the monitor.
Seriously, once passwords MUST contain gibberish, and must expire
frequently, the security of the system takes a nosedive for this reason.
The fundamental shortcoming in security design is that of allowing rapidfire
attempts at logon. With a delay of even a few seconds between attempts,
bruteforce methods become impractical. To improve your security, implement a
short lockout for repeated logon failures.
Timeouts are indeed a good measure to increase difficulty (and,
unfortunately, helpdesk calls).
"Anteaus" <Ant...@discussions.microsoft.com> wrote in message
news:B29C2546-C2C8-4348...@microsoft.com...
Otherwise, this is unfortunately an expected issue since Windows isn't
responding correctly to MBSA's request.
--
--
Doug Neal [MSFT]
du...@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
link:
http://support.microsoft.com/default.aspx
This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:ecY$GYhCKH...@TK2MSFTNGP02.phx.gbl...
Hello Joe:
I suggest you contact Doug Neal with your trouble.
--
1PW
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
"Joe" <J...@discussions.microsoft.com> wrote in message
news:AA493448-6895-4A13...@microsoft.com...