0
spadasoe 
2360 pts. | Jun 15 2005 9:01AM GMT
IMHO, if they can’t either get it right in 5 tries, or if they ignore password expiration warnings for 5-10 days, they deserve to be lockked out. Set a delay for unlocking the account (we use 10 minutes), and on resets, make it a real chore to get your staff to perform this task. User education is sometimes painful, but in many cases it works.
spadasoe 2360 pts. | Jun 15 2005 9:02AM GMT
IMHO, if they can’t either get it right in 5 tries, or if they ignore password expiration warnings for 5-10 days, they deserve to be lockked out. Set a delay for unlocking the account (we use 10 minutes), and on resets, make it a real chore to get your staff to perform this task. User education is sometimes painful, but in many cases it works.
TheVyrys 0 pts. | Jun 15 2005 9:24AM GMT
I agree that they should take more initiative in being able to remember their password.
You may have already implemented something or thought about it, but I train our users on how to be creative with their complexity requirements. It can become quite simple for them.
Example:
If they like camping, their password could be C@mping.
that meets the 3 of 4 complexity requirements.
another example I give them: $50cash
or: #1mommy
It’s funny to see their eyes light up during training when they realize how easy it is, and some of the creative people actually have fun doing it.
That training alone has cut out our workload tremendously.
good luck!
aknair 0 pts. | Jun 15 2005 10:05AM GMT
Hey Greg,
Are you sure that users are typing thir passwords wrong…..or is someone trying to compromise the network, by trying to hack passwords.
We had an issue within our organization, where a user’s account would get locked out every day. We couldn’t track down the reason why this was happening. It just ceases to occur after few weeks.
I dont mean to worry you…its better to be safe than sorry.
aknair
gottaggedsoamnowIT 0 pts. | Jun 15 2005 2:17PM GMT
At my company, users (like myself) are able to instantly reset and re-enable their own passwords/accounts in the secured, web-based associate resource utility, but they must be able to answer a few security questions first to get a new, temporary password:
1. Employee ID Number xxxxxx
2. Soc. Security Number xxx-xx-xxxx
3. Birth date Month-Day-Year
4. Home zip code xxxxx
The data for the above prompts can be queried through the employee’s profile, and it saves us hundreds of unneeded calls a day to our Helpdesk. (A big time/money saver!)
Good luck.
Gary
dpiatt 0 pts. | Jun 15 2005 2:43PM GMT
I don’t care how secure the site is - I wouldn’t want all of my personal information available from the web.
Maybe one of those questions, not SS#, and maybe my favorite kind of Dog, lol
Do you guys run Sharepoint Portal Server, I have a webpart in Portal that will change the users password for Active directory.
Dane
GregNottage 0 pts. | Jun 15 2005 3:31PM GMT
Most of our users access a timesheet system that runs on our network. They login using their AD user account, but they seem to regularly forget their passwords, since most of them only access this webpage to log their timecards. The webpage doesn’t handle the password resets, so I need another solution.
We do have a Sharepoint Portal server, and it is public facing (via https).
If you can let me know how to get Sharepoint configured to help with the password resets, that would be great.
I also like the idea of having data stored that is used to challenge the user trying to reset the password.
Thanks for all your responses, they are all appreciated 
Kind Regards,
Greg.
EricHarris 0 pts. | Jun 16 2005 10:42AM GMT
You could give the department managers rights to those two functions and then create Taskpads for them that could only do those two things. This offloads a task that doesn’t really require technical skills to the people that are directly responsible for the employees that have the problem. That sort of thing is one of the primary uses for Taskpads.
dpiatt 0 pts. | Jun 16 2005 11:46AM GMT
Ok - If you have Sharepoint then you can talk to Advis about a webpart to accomplish this.
dunklur 0 pts. | Jun 17 2005 6:20AM GMT
i love replies #2 and #3. they’ve been sent twice. in case of wrong passwords one try less.
imagine users who have to remember quite a many of passwords sometimes mixing them up and sometimes mis-typing them indeed. by educating them you have quite a chance to teach them to write passwords down and all that stuff. do you already know possible causes for that amount of errors? Have you considered which time for locking their account is enough regarding possible hacks? 1 minute ? what happens, when they cannot logon for a long time?
regards wolfgang
abheejeet 0 pts. | Jun 20 2005 9:19AM GMT
Hi Greg,
I don’t exactly know if this is of interest to you.
While I was studying for my foundation degree, my institute’s system used a three chance policy. If by mistake someone tried using a wrong password thrice, his or her password would automatically be reset to the original password, which was allocated to them at the first instance. But the catch in this is that the user can’t use the last 5 password combination.
Although this sort of thing was not a regular feature but, everytime this happened the user had to give out some information about themselves to the system in order to authenticate them properly. Every user was supposed to have a alphanumerical password.
hope this helps.
abheejeet
vqt411 0 pts. | Jun 28 2005 4:48PM GMT
You can try a 3rd party utility from Quest Software. Quest Password Reset Manager allows end users to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload. Password Reset Manager provides a simple, secure solution that allows end users to reset forgotten passwords and unlock their user accounts themselves. Password Reset Manager accommodates the widest possible range of organization requirements and data security standards. There is a trial version that you can implement on a test environment and see if it fit your needs.
Sgiovanni 10 pts. | Nov 22 2007 1:35AM GMT
GottaggedsoamnowIT / Gary,
What is the “secured, web-based associate resource utility” your company uses?
Gefff 10 pts. | Feb 22 2008 2:29PM GMT
I can give you a good example of such utility.
You can take a look at password self service from scriptlogic. It’s highly secured password management solution.
For example, for self password reset or changing users are prompted with several challenge questions that they must to answer.
Also this tool can ensure to accept only the passwords that meet defined by administrator’s polices.
Robert Stewart 1810 pts. | Oct 31 2008 5:45PM GMT
I think you should let the user feel your staffs pain when a password needs to be reset, I would not use any third party software on a so called secure website just to alleviate this problem. Websites are hacked and easily redirected, do you want to put all of your remote users at risk of having their password hacked. This is an extreme risk for little reward. Let your IT Staff handle password and lockout problems these controls are in place for a reason. Just my opinion though.
KevinBeaver 7610 pts. | Nov 3 2008 4:38PM GMT
It’s easy to blame users on this one and try to prove a point. I completely understand that mindset. But in the end you’ve got to look at what’s best for the business. Do you want to be right or do you want to be happy? Each and every password reset costs the business money and it keeps admins from focusing on more productive things like teaching people how to create easy to remember yet impossible to crack passphrases so users are not getting locked out in the first place. Check out Passfilt Pro - a good tool to help get your password policies under control.
Robert Stewart 1810 pts. | Nov 4 2008 9:37PM GMT
I’m not interested in blaming the end user, I just think this is a disaster waiting to happen by allowing users to change their password on a so called secure website. Again websites are targets for hackers and keyloggers. It takes little time to unlock an account or reset a password in the AD, this should not be a huge task for admins, granted the more users the more time that could be consumed doing this but again security is my primary concern for the network and a password change tool open to the external internet is not secure, and will probably be flagged as a problem in a security audit, again this is my opinion. What if the remote users pc is infected with a keylogger and then uses this tool? The server running this app is now compromised. I just think the risks need to be identified and then make the decision that is best for your network.
ITpro81 10 pts. | Oct 5 2009 2:28PM GMT
The following free tools can help you:
Web-based Password Reset for Active Directory - this one is just a simple web app with password change (enter old password, create new password).
NetWrix Password Expiration Notifier - automated password reminders sent by e-mail to users with expiring passwords.
Finn32 20 pts. | Oct 7 2009 9:26AM GMT
Hi Greg,
when you have many users, you need to consider the enrollment process of the existing and future users.
FastPassCorp has a password reset product that reset passwords for AD users on secure webpage, you can get more information on <a href="http://fastpasscorp.com" title="http://fastpasscorp. " target="_blank">fastpasscorp.com</a>
regards
