Tuesday, December 6, 2011

How secure is your password??

I find people asking me how complex their password needs to be all the time. This is a genuinely valid question. Sometimes this is a matter of opinion from network engineers, so here's my opinion on what I've found.

(A Complex Answer / Microsoft Recommendation) Microsoft recommends:

A) Password does not contain any part of a user's name (Display Name/Account Name/etc.)
B) Must be at least 7 characters
C) Should be changed every 42 days, minimum
D) Must contain 3 of the 5 following: An uppercase, a lowercase, a digit, a symbol, and/or a unicode character.

(My simple answer) I recommend:

Passwords need to be secure, but easy to remember. Of course "T8iL#)iuwr*3A~~!!" is going to be very secure, but who's going to remember that? So, of course, you're going to document that somewhere, right? Sheet of paper? Excel document? Notepad document? When you need to document it, how do you secure that document?

So, what is more secure? "T8iL#)iuwr*3A~~!!" or "D0g...................." (capital D, zero, g, plus 20 periods)? Which one are you going to remember better? Believe it or not, "D0g...................." (23 characters) is going to take quite a bit longer than "T8iL#)iuwr*3A~~!!" (17 characters) to crack.

Here's a nice site I stumbled upon a few weeks ago that shows you just how long it might take to crack a password: https://www.grc.com/haystack.htm
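The comparison above, worked through as an added example (not code from the original post or from the linked site). It assumes a character-class model of 26 lowercase, 26 uppercase, 10 digits and 33 symbols, and it counts exhaustive search only; a guesser that tries dictionary words or padding patterns first is not modelled.

```python
import string

# Character classes assumed by this model (95 printable ASCII characters):
# 26 lowercase + 26 uppercase + 10 digits + 33 symbols (punctuation and space).
CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}


def alphabet_size(password):
    """Total size of every character class the password draws from."""
    unknown = [c for c in password if not any(c in s for s in CLASSES.values())]
    if unknown:
        raise ValueError(f"characters outside the modelled classes: {unknown!r}")
    return sum(len(s) for s in CLASSES.values() if any(c in s for c in password))


def search_space(password):
    """Candidates an exhaustive search covers up to this length:
    A**1 + A**2 + ... + A**n for alphabet size A and length n."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


# The two passwords compared in the post.
RANDOM_LOOKING = "T8iL#)iuwr*3A~~!!"   # 17 characters
PADDED = "D0g" + "." * 20              # 23 characters

if __name__ == "__main__":
    for pw in (RANDOM_LOOKING, PADDED):
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"search space {search_space(pw):.3e}")
    # Both draw on all four classes, so only the length differs.
    print("ratio:", search_space(PADDED) // search_space(RANDOM_LOOKING))
```

Both passwords use all four classes, so the six extra characters multiply the exhaustive search space by 95 to the sixth power.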

Enjoy!

Exchange 2010 Certificates - The Cheap Way

So, every now and then, I run into people who don't want to pay $80/year for a UCC / SAN certificate for their Exchange environment. While there are ways around this that let you put in a regular certificate, it's highly recommended to just get the UCC/SAN cert.

If you do end up getting the cheap, one-domain-name certificate, here are a few items you'll have to update through the Exchange Management Shell. These will help everything work more smoothly and prevent certificate / password prompts in Outlook:

Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. (This one is missed the most.) To modify this URL, type the following command, and then press ENTER:

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.yourdomainname.com/autodiscover/autodiscover.xml

Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.yourdomainname.com/ews/exchange.asmx

Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:

Set-OABVirtualDirectory -Identity "CAS_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.yourdomainname.com/oab

In IIS Manager, expand the local computer, and then expand Application Pools.
Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

And that should be all you need to do on the back end to get it working.