[ Pobierz całość w formacie PDF ]
.Minimum Password AgeNoneNot propagated.Minimum Password LengthMinimum Password LengthPropagated intact.Password UniquenessRequire Unique PasswordsPropagated intact, but effective only if set to 8 or greater.Table 2.2 Transferring Account Restrictions from Windows NT to NetWare (cont.)Windows NT Account RestrictionNetWare EquivalentHow propagated to NetWareAccount PoliciesAccount LockoutIntruder Detection/LockoutPropagated intact.Forcibly Disconnect When Logon Hours ExpireNoneNot propagated.Users Must Log On to Change PasswordNoneNot propagated.How Windows NT Server Groups Are Propagated to NetWare ServersWindows NT Server domains have several built-in groups.Only members of theAdministrators group in the domain are given special rights on NetWare servers.These users are given security equivalence to Supervisor on every NetWareserver added to the domain.Memberships of administrator-created groups are propagated correctly from thedomain to NetWare servers, as long as those groups have been selected to bepropagated, or you have selected to propagate all accounts.How Users Should Change Their PasswordsThe client software determines how a user who has an account managed by aWindows NT Server domain and propagated to NetWare servers changes his or herpassword.Client typeUser action to change passwordWindows NT Workstation 4.0 or 3.51CTRL+ALT+DELAny other Microsoft clientchgpass commandNetWare clientchgpass or mslogin commandThe chgpass and mslogin utilities are provided with Directory Service Managerfor NetWare.The chgpass utility simply changes a user’s password.The msloginutility is the functional equivalent to similar NetWare utilities and cancorrectly change passwords on NetWare servers that have been added to a domainfor management.Both these utilites, when specified to change the user’spassword at a NetWare server, actually change the password on the Windows NTServer domain and all the NetWare servers to which the user’s account is beingpropagated.If the user is currently attached to any NetWare servers notparticipating in a domain, chgpass and mslogin also change the user’s passwordat those servers.To help ensure that your NetWare client users use only either chgpass and/ormslogin, Directory Service Manager for NetWare provides:u The Users May Only Change Their Passwords Via Directory Service Manager ForNetWare option, which prevents users from incorrectly changing passwords usingNetWare utilities.u Two utilities—msattach and msmap—that display a message informing the usersto use chgpass to change the password.You can have users use these utilities,instead of similar NetWare utilities.u The ability to copy the chgpass and mslogin utilities, and the necessary RPCsupport files, to the preferred servers of all your NetWare clients.You shouldmake sure that every NetWare client has a preferred server that stores theseutilities.When a NetWare server is added for management in a domain, Chgpass.exe,Mslogin.exe, Msattach.exe, and Msmap.exe (along with the necessary libraryfiles Rpc16c1.rpc, Rpc16c6.rpc, and Security.rpc) are copied to the NetWareserver’s PUBLIC directory.Mslogin.exe and the.rpc files are also copied tothe server’s LOGIN directory.Although Directory Service Manager for NetWare copies all these utilitiesautomatically to NetWare servers added for management with Windows NT Serverdomains, you might also want to copy these utilities to the PUBLIC and LOGINdirectories of any other NetWare servers you have to which these users might beconnected.Users of Microsoft client computers other than Windows NT Workstation (version4.0 or version 3.51) must also have the chgpass utility available.To make itavailable to Microsoft client users, you can either copy Chgpass.exe (plus the*.rpc files) to the client computers or set up a shared directory accessible tothese clients and put the utilities there.If a user mistakenly uses another utility to change his or her password on aNetWare server (and you did not specify the Users May Only Change TheirPasswords Via Directory Service Manager For NetWare option for the server) ,you can quickly correct the situation by having the user use chgpass.Thechgpass utility will synchronize the new password to all servers.(However,password histories will remain unsynchronized.)For more information on the new utilities provided with Directory ServiceManager for NetWare, see “Command Reference,” later in this section.Using the Directory Service Manager for NetWare ToolsTo administer Directory Service Manager for NetWare, you use SynchronizationManager (included with Directory Service Manager for NetWare) and User Managerfor Domains
[ Pobierz całość w formacie PDF ]