SlideShare une entreprise Scribd logo

Preventing Password Expiration Proactively

Netwrix Corporation
Netwrix Corporation

Password expiration is a well-known pain for IT help desk personnel. Requests to reset expired passwords can build up to a sizable portion of the total help desk workload. This whitepaper describes how to prevent password expiration issues proactively.

Technologie
1  sur  7
Télécharger pour lire hors ligne
Preventing Password Expiration Proactively White Paper
Preventing Password Expiration Proactively —White Paper Contents Password Expiration: Why Should You Care? ..................................................................................................... 3 How to Tackle the Problem ................................................................................................................................. 4 Going the Easy Way ........................................................................................................................................ 4 Coding Your Way Out of It .............................................................................................................................. 4 Passing the Buck ............................................................................................................................................. 5 What Matters in a Solution ............................................................................................................................ 6 Fully Automated Approach: NetWrix Password Expiration Notifier .................................................................. 7 2
Password Expiration: Why Should You Care? Password expiration is a well-known pain for IT help desk personnel. Requests to reset expired passwords can constitute a sizable portion of the total help desk workload. Because password expiration is periodic, the help desk tends to be flooded with calls about expired passwords every once in a while. This issue wastes time and limits productivity, but setting passwords never to expire is not an option. Periodically renewing passwords is not only common sense practice, but often also an important requirement for security compliance. Barring irresponsibility, users typically let the passwords of their accounts expire because: they don’t login interactively (e.g. VPN and OWA users) they stay logged on for long periods of time and don’t receive reminders they use operating systems other than W indows (e.g. Linux or Mac) W ith the right tools, the number of help desk calls about expired passwords can be reduced dramatically by configuring timely reminders for users. The immediate benefit of this is to gain more time for the help desk to handle issues that are not so trivial but no less costly.
How to Tackle the Problem Going the Easy Way Arthur administers an Active Directory domain where most computers run W indows Server 2003 and W indows XP. A few Linux boxes are also joined to the domain, and authentication is transparent on these boxes due to a single sign-on system. To prevent password expiration, Arthur uses built-in Active Directory notification. Of course, that does not cover the Linux us ers, but they have been instructed to use calendar reminders to warn them when their passwords are about to expire. The Linux users don't seem to mind, and the reminders help most of the time. Group Policy is the obvious choice for reminder configuration in an Active Directory environment. In particular, the Interactive logon: Prompt user to change password before expiration option is helpful. It makes sure that during W indows interactive logons, users are prompted to change their password a few days before expiration. To provide similar prompts for Outlook Web Access users, you need to take additional Exchange configuration steps, which decentralizes the setup of essentially the same feature. This solution is valid in a W indows-only environment but becomes a lot less attractive as soon as Active Directory-integrated Unix, Linux and Mac hosts come into the picture. Users of these systems will not receive Group Policy-triggered warnings, and the password age of these accounts needs to be t racked specifically. Another consideration is that the default prompts are not always effective. They are suitable for an informed audience who realize the importance of password policies. W ithout this knowledge, people tend to ignore the prompts and carry on with their work, letting the passwords expire. In these cases, there should be a notification method informing the user that changing the password is not “just something you do,” but a way to make the workplace more secure. Coding Your Way Out of It Bill is in charge of a heterogeneous Active Directory environment comprising W indows, Linux and Mac OS. The share of Linux and Mac boxes is considerable, although thankfully there is little variety in operating system versions. Being a competent coder, Bill has designed and remotely deployed a set of logon scripts for the non-W indows computers that duplicates the functionality of built-in W indows password expiration reminders. The scripts are production -tested and work fairly well, but recently due to an upgrade of the Linux systems it took Bill a whole day to update and debug the scripts. One way to deal with expiring passwords on non-W indows computers is to deploy scripts or programs that use LDAP to check the state of the account password at logon. This is easier said than done. An
administrator tasked with rolling out such a configuration would face the following complications: The same logic has to be ported to multiple systems, considering initialization methods, installed software, etc. The scripts and programs require testing and support. If no centralized software rollout system is in place, this software has to be installed on each computer individually. As a result, the solution might not prove cost-effective, and the administrator might have to cut the costs by deploying freely available software instead of developing it in-house. In the process, the administrator will sacrifice support, and often reliability. Passing the Buck Carol is the administrator of an environment that integrates W indows, Mac, Solaris and Linux computers, some of them operated by remote users. Setting up password expiration warnings on all the computers is impractical and infeasible, so it has been decided that help desk should monitor password age and notify the users in advance when their passwords are about to expire. Carol has equipped help desk with reporting software for the purpose. This proactive measure alleviates the problem but does not remove it—help desk workload is such that notification messages do not arrive as frequently as they should. Carol is researching to find a better, more automated solution. The administrator might decide that client-side password expiration warnings are just not worth the effort. Then help desk personnel might be charged with using reports on account password state and manually sending e-mail notifications to users whose passwords are about to expire. On the one hand, this quick and dirty solution has a few benefits: It provides control of the state of all account passwords, including the accounts whose owners do receive the expiration warnings. It rightly shifts attention from computers to people who use the accounts. It is easy to find and deploy reporting software that displays the necessary information. On the other hand, this method has several disadvantages: Users who do not receive the warnings are out of the loop, although they could easily tend to reset their passwords themselves. Help desk personnel have to spend time tracking password age instead of handling more serious issues.
What Matters in a Solution As these examples show, a good solution to the problem of warning the owners of soon-to-expire passwords should: Reliably and flexibly inform users about impending password expiration —the administrator should be able to configure how soon the notification starts and to make the notification messages informative Be platform-independent—the system should work identically on all platforms that the account may be used on Be account-centric, not computer-centric—no client software installation should be necessary; the warnings are directed to the account owner, not to the user of a particular machine Reinforce the notification functionality with reporting tools for help desk personnel —although this is a secondary goal, it can reduce the number of calls One way to satisfy these requirements is to design software that: Sits in a single place in an Active Directory domain Automatically monitors the age of account passwords Sends configurable notification messages to the mailboxes of accounts whose passwords are about to expire Generates password expiration-related reports for help desk personnel
Fully Automated Approach: NetWrix Password Expiration Notifier NetWrix Password Expiration Notifier fits this description perfectly. This lightweight FREEWARE program completely automates password expiration monitoring and notification, and generates related reports. Importantly, it comes with a free and a commercial version. The free version is fully functional and can be used in a production environment with no strings attached, but it lacks several customization -related options of the commercial version. Password Expiration Notifier uses e-mail, which has a number of benefits: The messages reach the addressees whether they are using a W indows workstation, a Unix box, VPN or Outlook Web Access from home. No additional infrastructure configuration is necessary—your environment already has all you need. Reports on password expiration can automatically be sent to administrators and help desk personnel. The notification messages can be made as informative as necessary. By providing editable notification templates, Password Expiration Notifier makes it easy to achieve integration with a self-service password management system (such as NetWrix Password Manager or any other product) that might be deployed in the environment. For that, the notification template should simply include a link to the self-service Web page and possibly a brief set of instructions for the user. The basic free version of NetWrix Password Expiration Notifier is available free of charge from http://www.netwrix.com/password_expiration_notifier_freeware.html for evaluation or production use. ©2009 NetWrix Corporation. All rights reserved. NetWrix, Password Expiration Notifier and Password Manager are trademarks of NetWrix Corporation and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.

Recommandé

Girls of Promise-Schedule A
Girls of Promise-Schedule AGirls of Promise-Schedule A
Girls of Promise-Schedule AWomen's Foundation of Arkansas
 
Euskal mitologiaren aurkezpena egin ziguten 6
Euskal mitologiaren aurkezpena egin ziguten 6Euskal mitologiaren aurkezpena egin ziguten 6
Euskal mitologiaren aurkezpena egin ziguten 6ELIZALDE
 
Ashwini
AshwiniAshwini
Ashwiniashu Kusha
 
Syaela wati achmad 94
Syaela wati achmad 94Syaela wati achmad 94
Syaela wati achmad 94Syaela Wati Achmad
 
Portfolio 2011 2
Portfolio 2011 2Portfolio 2011 2
Portfolio 2011 2DavidSoto_Graphic
 
Cotxes tuning
Cotxes tuningCotxes tuning
Cotxes tuninglluisrebull
 
PR for Startups
PR for StartupsPR for Startups
PR for StartupsSue Duris, MBA
 
Ch. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophonyCh. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophonydavaughnmiller
 

Recommandé

Girls of Promise-Schedule A
Girls of Promise-Schedule AGirls of Promise-Schedule A
Girls of Promise-Schedule AWomen's Foundation of Arkansas
 
Euskal mitologiaren aurkezpena egin ziguten 6
Euskal mitologiaren aurkezpena egin ziguten 6Euskal mitologiaren aurkezpena egin ziguten 6
Euskal mitologiaren aurkezpena egin ziguten 6ELIZALDE
 
Ashwini
AshwiniAshwini
Ashwiniashu Kusha
 
Syaela wati achmad 94
Syaela wati achmad 94Syaela wati achmad 94
Syaela wati achmad 94Syaela Wati Achmad
 
Portfolio 2011 2
Portfolio 2011 2Portfolio 2011 2
Portfolio 2011 2DavidSoto_Graphic
 
Cotxes tuning
Cotxes tuningCotxes tuning
Cotxes tuninglluisrebull
 
PR for Startups
PR for StartupsPR for Startups
PR for StartupsSue Duris, MBA
 
Ch. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophonyCh. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophonydavaughnmiller
 
AEP-OU-social media-04-24-13
AEP-OU-social media-04-24-13AEP-OU-social media-04-24-13
AEP-OU-social media-04-24-13AEP Economic & Business Development
 
Marina Parque das Nações - ABOUT US
Marina Parque das Nações - ABOUT USMarina Parque das Nações - ABOUT US
Marina Parque das Nações - ABOUT USMarina Parque Das Nações
 
Drupal 7 training
Drupal 7 trainingDrupal 7 training
Drupal 7 trainingRavi Yelluripati
 
EKOINSTAL Skierniewice
EKOINSTAL SkierniewiceEKOINSTAL Skierniewice
EKOINSTAL SkierniewicesalonyVi
 
IKASLEEN FOROA
IKASLEEN FOROAIKASLEEN FOROA
IKASLEEN FOROAELIZALDE
 
Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...
Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...
Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...mitoaction
 
Sf v projekt_wroclaw
Sf v projekt_wroclawSf v projekt_wroclaw
Sf v projekt_wroclawsalonyVi
 
edukasi 1502 3462-1-pb
edukasi 1502 3462-1-pbedukasi 1502 3462-1-pb
edukasi 1502 3462-1-pbNukhbatul Haka
 
U7 1ME108
U7 1ME108 U7 1ME108
U7 1ME108 Anna Persson Ellman
 
TEST_rev
TEST_revTEST_rev
TEST_rev새별 김
 
AEP's Systemwide Economic Development Program
AEP's Systemwide Economic Development ProgramAEP's Systemwide Economic Development Program
AEP's Systemwide Economic Development ProgramAEP Economic & Business Development
 
Mealworms study protein content
Mealworms study protein contentMealworms study protein content
Mealworms study protein contentPaulo Junior
 
Idea to startup
Idea to startupIdea to startup
Idea to startupMohamed Khalloufi
 
Audience feedback
Audience feedbackAudience feedback
Audience feedbackanisha94
 
File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and whereNetwrix Corporation
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureNetwrix Corporation
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsNetwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryNetwrix Corporation
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetwrix Corporation
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsNetwrix Corporation
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsNetwrix Corporation
 

Contenu connexe

En vedette

EKOINSTAL Skierniewice
EKOINSTAL SkierniewiceEKOINSTAL Skierniewice
EKOINSTAL SkierniewicesalonyVi
 
IKASLEEN FOROA
IKASLEEN FOROAIKASLEEN FOROA
IKASLEEN FOROAELIZALDE
 
Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...
Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...
Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...mitoaction
 
Sf v projekt_wroclaw
Sf v projekt_wroclawSf v projekt_wroclaw
Sf v projekt_wroclawsalonyVi
 
edukasi 1502 3462-1-pb
edukasi 1502 3462-1-pbedukasi 1502 3462-1-pb
edukasi 1502 3462-1-pbNukhbatul Haka
 
Mealworms study protein content
Mealworms study protein contentMealworms study protein content
Mealworms study protein contentPaulo Junior
 
Audience feedback
Audience feedbackAudience feedback
Audience feedbackanisha94
 

En vedette (14)

AEP-OU-social media-04-24-13
AEP-OU-social media-04-24-13AEP-OU-social media-04-24-13
AEP-OU-social media-04-24-13
 
Marina Parque das Nações - ABOUT US
Marina Parque das Nações - ABOUT USMarina Parque das Nações - ABOUT US
Marina Parque das Nações - ABOUT US
 
Drupal 7 training
Drupal 7 trainingDrupal 7 training
Drupal 7 training
 
EKOINSTAL Skierniewice
EKOINSTAL SkierniewiceEKOINSTAL Skierniewice
EKOINSTAL Skierniewice
 
IKASLEEN FOROA
IKASLEEN FOROAIKASLEEN FOROA
IKASLEEN FOROA
 
Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...
Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...
Navigating the Healthcare System while Attempting to Meet the Needs of a Chil...
 
Sf v projekt_wroclaw
Sf v projekt_wroclawSf v projekt_wroclaw
Sf v projekt_wroclaw
 
edukasi 1502 3462-1-pb
edukasi 1502 3462-1-pbedukasi 1502 3462-1-pb
edukasi 1502 3462-1-pb
 
U7 1ME108
U7 1ME108 U7 1ME108
U7 1ME108
 
TEST_rev
TEST_revTEST_rev
TEST_rev
 
AEP's Systemwide Economic Development Program
AEP's Systemwide Economic Development ProgramAEP's Systemwide Economic Development Program
AEP's Systemwide Economic Development Program
 
Mealworms study protein content
Mealworms study protein contentMealworms study protein content
Mealworms study protein content
 
Idea to startup
Idea to startupIdea to startup
Idea to startup
 
Audience feedback
Audience feedbackAudience feedback
Audience feedback
 

Plus de Netwrix Corporation

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and whereNetwrix Corporation
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureNetwrix Corporation
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsNetwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryNetwrix Corporation
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetwrix Corporation
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsNetwrix Corporation
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsNetwrix Corporation
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsNetwrix Corporation
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceNetwrix Corporation
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingNetwrix Corporation
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaNetwrix Corporation
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Netwrix Corporation
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseNetwrix Corporation
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerNetwrix Corporation
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesNetwrix Corporation
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementNetwrix Corporation
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseNetwrix Corporation
 

Plus de Netwrix Corporation (20)

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and where
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructure
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutions
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directory
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT Infrastructure
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don Jones
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal Regulations
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases Auditors
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users Accounts
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable Media
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the Enterprise
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange Server
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy Changes
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout Management
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the Enterprise
 
File Auditing in the Enterprise
File Auditing in the EnterpriseFile Auditing in the Enterprise
File Auditing in the Enterprise
 
File auditing on NetApp Filer
File auditing on NetApp Filer File auditing on NetApp Filer
File auditing on NetApp Filer
 

Dernier

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Dernier (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Preventing Password Expiration Proactively

  • 1. Preventing Password Expiration Proactively White Paper
  • 2. Preventing Password Expiration Proactively —White Paper Contents Password Expiration: Why Should You Care? ..................................................................................................... 3 How to Tackle the Problem ................................................................................................................................. 4 Going the Easy Way ........................................................................................................................................ 4 Coding Your Way Out of It .............................................................................................................................. 4 Passing the Buck ............................................................................................................................................. 5 What Matters in a Solution ............................................................................................................................ 6 Fully Automated Approach: NetWrix Password Expiration Notifier .................................................................. 7 2
  • 3. Password Expiration: Why Should You Care? Password expiration is a well-known pain for IT help desk personnel. Requests to reset expired passwords can constitute a sizable portion of the total help desk workload. Because password expiration is periodic, the help desk tends to be flooded with calls about expired passwords every once in a while. This issue wastes time and limits productivity, but setting passwords never to expire is not an option. Periodically renewing passwords is not only common sense practice, but often also an important requirement for security compliance. Barring irresponsibility, users typically let the passwords of their accounts expire because: they don’t login interactively (e.g. VPN and OWA users) they stay logged on for long periods of time and don’t receive reminders they use operating systems other than W indows (e.g. Linux or Mac) W ith the right tools, the number of help desk calls about expired passwords can be reduced dramatically by configuring timely reminders for users. The immediate benefit of this is to gain more time for the help desk to handle issues that are not so trivial but no less costly.
  • 4. How to Tackle the Problem Going the Easy Way Arthur administers an Active Directory domain where most computers run W indows Server 2003 and W indows XP. A few Linux boxes are also joined to the domain, and authentication is transparent on these boxes due to a single sign-on system. To prevent password expiration, Arthur uses built-in Active Directory notification. Of course, that does not cover the Linux us ers, but they have been instructed to use calendar reminders to warn them when their passwords are about to expire. The Linux users don't seem to mind, and the reminders help most of the time. Group Policy is the obvious choice for reminder configuration in an Active Directory environment. In particular, the Interactive logon: Prompt user to change password before expiration option is helpful. It makes sure that during W indows interactive logons, users are prompted to change their password a few days before expiration. To provide similar prompts for Outlook Web Access users, you need to take additional Exchange configuration steps, which decentralizes the setup of essentially the same feature. This solution is valid in a W indows-only environment but becomes a lot less attractive as soon as Active Directory-integrated Unix, Linux and Mac hosts come into the picture. Users of these systems will not receive Group Policy-triggered warnings, and the password age of these accounts needs to be t racked specifically. Another consideration is that the default prompts are not always effective. They are suitable for an informed audience who realize the importance of password policies. W ithout this knowledge, people tend to ignore the prompts and carry on with their work, letting the passwords expire. In these cases, there should be a notification method informing the user that changing the password is not “just something you do,” but a way to make the workplace more secure. Coding Your Way Out of It Bill is in charge of a heterogeneous Active Directory environment comprising W indows, Linux and Mac OS. The share of Linux and Mac boxes is considerable, although thankfully there is little variety in operating system versions. Being a competent coder, Bill has designed and remotely deployed a set of logon scripts for the non-W indows computers that duplicates the functionality of built-in W indows password expiration reminders. The scripts are production -tested and work fairly well, but recently due to an upgrade of the Linux systems it took Bill a whole day to update and debug the scripts. One way to deal with expiring passwords on non-W indows computers is to deploy scripts or programs that use LDAP to check the state of the account password at logon. This is easier said than done. An
  • 5. administrator tasked with rolling out such a configuration would face the following complications: The same logic has to be ported to multiple systems, considering initialization methods, installed software, etc. The scripts and programs require testing and support. If no centralized software rollout system is in place, this software has to be installed on each computer individually. As a result, the solution might not prove cost-effective, and the administrator might have to cut the costs by deploying freely available software instead of developing it in-house. In the process, the administrator will sacrifice support, and often reliability. Passing the Buck Carol is the administrator of an environment that integrates W indows, Mac, Solaris and Linux computers, some of them operated by remote users. Setting up password expiration warnings on all the computers is impractical and infeasible, so it has been decided that help desk should monitor password age and notify the users in advance when their passwords are about to expire. Carol has equipped help desk with reporting software for the purpose. This proactive measure alleviates the problem but does not remove it—help desk workload is such that notification messages do not arrive as frequently as they should. Carol is researching to find a better, more automated solution. The administrator might decide that client-side password expiration warnings are just not worth the effort. Then help desk personnel might be charged with using reports on account password state and manually sending e-mail notifications to users whose passwords are about to expire. On the one hand, this quick and dirty solution has a few benefits: It provides control of the state of all account passwords, including the accounts whose owners do receive the expiration warnings. It rightly shifts attention from computers to people who use the accounts. It is easy to find and deploy reporting software that displays the necessary information. On the other hand, this method has several disadvantages: Users who do not receive the warnings are out of the loop, although they could easily tend to reset their passwords themselves. Help desk personnel have to spend time tracking password age instead of handling more serious issues.
  • 6. What Matters in a Solution As these examples show, a good solution to the problem of warning the owners of soon-to-expire passwords should: Reliably and flexibly inform users about impending password expiration —the administrator should be able to configure how soon the notification starts and to make the notification messages informative Be platform-independent—the system should work identically on all platforms that the account may be used on Be account-centric, not computer-centric—no client software installation should be necessary; the warnings are directed to the account owner, not to the user of a particular machine Reinforce the notification functionality with reporting tools for help desk personnel —although this is a secondary goal, it can reduce the number of calls One way to satisfy these requirements is to design software that: Sits in a single place in an Active Directory domain Automatically monitors the age of account passwords Sends configurable notification messages to the mailboxes of accounts whose passwords are about to expire Generates password expiration-related reports for help desk personnel
  • 7. Fully Automated Approach: NetWrix Password Expiration Notifier NetWrix Password Expiration Notifier fits this description perfectly. This lightweight FREEWARE program completely automates password expiration monitoring and notification, and generates related reports. Importantly, it comes with a free and a commercial version. The free version is fully functional and can be used in a production environment with no strings attached, but it lacks several customization -related options of the commercial version. Password Expiration Notifier uses e-mail, which has a number of benefits: The messages reach the addressees whether they are using a W indows workstation, a Unix box, VPN or Outlook Web Access from home. No additional infrastructure configuration is necessary—your environment already has all you need. Reports on password expiration can automatically be sent to administrators and help desk personnel. The notification messages can be made as informative as necessary. By providing editable notification templates, Password Expiration Notifier makes it easy to achieve integration with a self-service password management system (such as NetWrix Password Manager or any other product) that might be deployed in the environment. For that, the notification template should simply include a link to the self-service Web page and possibly a brief set of instructions for the user. The basic free version of NetWrix Password Expiration Notifier is available free of charge from http://www.netwrix.com/password_expiration_notifier_freeware.html for evaluation or production use. ©2009 NetWrix Corporation. All rights reserved. NetWrix, Password Expiration Notifier and Password Manager are trademarks of NetWrix Corporation and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.