AKU2 and Goodlink passwords - no good

[CameronJ]

After playing around a bit in the registry the last week, I also found how to have a password that violates my organization's password policies. While I understand the reasoning behind having a password, the 30 minute timeout (which is the max my organization lets me set) is way too short. It looks like the goodlink password parameters work in the following way:

- Password policies are passed down through GoodLink and stored in the registry in HKEY_CURRENT_USER\ControlPanel\GoodLink\Password. There are a number of keys here, including ITLockedTime, ITLocked, ITPasswordMinLength, and a few others.
- When you go into the Lock/Password settings, the control panel settings dialog pulls from these registry keys to determine if your password meets policy.
- After a short period of time, any changes to these registry keys get overwritten back to corporate policy, however, nothing ever checks your password (as long as you don't go back into the Lock control panel extension) to make sure it complies with policy.

Basically, this means that you can change the key for minimum length or timeout and then go into the Lock control panel extension and change your password. I currently have a 1 character password set to timeout every 24 hours (instead of 6 characters that times out in 30 minutes). I've been running this way for about 4 days now, and even though the registry keys are back to policy, my reduced security password is still in force.

ITPasswordMinLength is self explanatory - change this to however many characters you want as your minimum.

ITLockedTime is a little more obscure. The decimal value here corresponds to the number of items in the list of timeout values in the timeout dropdown. 1 means only one item will show up (which is 0 minutes), I think 11 is 24 hours.

ITLocked - I'm guessing that if you set this to 0 it doesn't check these parameters at all, which means you might be able to disable the password. I haven't played with this one yet.

[s4czech]

Quote:

Originally Posted by CameronJ ITLocked - I'm guessing that if you set this to 0 it doesn't check these parameters at all, which means you might be able to disable the password. I haven't played with this one yet.

Wow, I've been looking for this kind of hack for awhile. I'm going mad with the couple minute forced timeout/lock policy I'm forced to live with. Imagine trying to use your pocket pc as a GPS device and it locking every couple minutes! (totally sucks)

Do you know if it's possible to do what did in a normal AKU2 MS Push Mail system? (I dont use goodlink, just regular microsoft push)

Which reg keys do I mess with?
How do you keep the changes from being detected/overwritten?

Thanks!

[caiken]

Any update on rather this has been addressed in a more recent ROM (AKU 2.3?). I am looking to start my company's Goodlink trial program and currently have 2.17. Thanks!

[CameronJ]

Quote:

Originally Posted by CameronJ ITLocked - I'm guessing that if you set this to 0 it doesn't check these parameters at all, which means you might be able to disable the password. I haven't played with this one yet.

An update - this is the best way to go. Set ITLocked to 0, go into the password control panel applet and uncheck the password box. No more password requirement.

[CameronJ]

Quote:

Originally Posted by caiken Any update on rather this has been addressed in a more recent ROM (AKU 2.3?). I am looking to start my company's Goodlink trial program and currently have 2.17. Thanks!

As long as you are using the most recent version of the goodlink client (4.8 ) you will be fine. The issue is with the previous version of the client (4.7).

[irablumberg]

I had no problem with this nasty password bug when I upgraded to AKU 2.3. I'm using Goodlink 4.8.

Ira

[CameronJ]

Quote:

Originally Posted by irablumberg I had no problem with this nasty password bug when I upgraded to AKU 2.3. I'm using Goodlink 4.8. Ira

This problem only exists with AKU2+ ROMs and GoodLink 4.7 - not 4.8

[caiken]

Quote:

Originally Posted by CameronJ Quote: Originally Posted by irablumberg I had no problem with this nasty password bug when I upgraded to AKU 2.3. I'm using Goodlink 4.8. Ira This problem only exists with AKU2+ ROMs and GoodLink 4.7 - not 4.8

Thanks for the update guys. I'm assuming the "Get Good" link now downloads 4.8.

[gaelen00]

CameronJ,
You wrote:

An update - this is the best way to go. Set ITLocked to 0, go into the password control panel applet and uncheck the password box. No more password requirement.


Can you elaborate on this process? Where do I find the password control panel applet?

[gaelen00]

Quote:

Originally Posted by gaelen00 CameronJ, You wrote: An update - this is the best way to go. Set ITLocked to 0, go into the password control panel applet and uncheck the password box. No more password requirement. Can you elaborate on this process? Where do I find the password control panel applet?

Also, it appears that any changes that I make to the Good settings in the registry are over-written the very next time it syncs with the Good server. Anyone know how I can lock the registry settings that I set in addition to how I remove the requirement for the Good password controlled by my IT dept.