Assurance

["Roy, Nicholas S" <>]

I guess I should have started out by saying, this is a discussion starter for the AD/Silver cookbook:

 

https://spaces.internet2.edu/display/cicincsilver/InCommon+Silver+with+Active+Directory+Cookbook+-+DRAFT

 

From: [mailto:] On Behalf Of Roy, Nicholas S
Sent: Wednesday, September 07, 2011 4:12 PM
To:
Subject: [Assurance] Discussion starter: Appendices, what's needed/wanted?

 

Per today’s discussion, I deleted Table 1 from the cookbook, which contained Microsoft’s recommended password policies.  As noted, there are any number of things you can do to meet the requirements.  In its place, I added an appendix that briefly discusses password entropy and links to the IAP document, SP 800-63 and a password entropy calculation spreadsheet.

 

To get the conversation started on what we need to add to the cookbook, it was suggested on the call that any amount of detail in the existing appendices (A – Known Issues with NTLMv1 Disabled/LMHASH storage sturned off; B – Known Issues with Requiring Signed LDAP Binds; C – Operational Considerations, Practices, Processes For Syskey Mode 2/3 Management) would be helpful.  As it stands, we don’t have much there.  I know some of you have done work with what requiring signed LDAP binds does to Mac clients, and others may have looked at Bitlocker, Syskey mode 2 or 3, or what disabling NTLMv1 does to “legacy” clients.  If you have any information to add to these, or any other suggestions for things that we could put in these or other appendices, please respond to this thread.

 

Thanks,

 

Nick