Network Security Focus-Microsoft

RE: active directory password policy

Subject: RE: active directory password policy
Date: Tue, 08 Feb 2005 15:59:42 +0000
Many thanks for your e-mail!

Although I'd be interested to see what solutions exist for this (and I'm
sure there are some), in my experience it's beyond the scope of most
Network Administrators to simply resort to a third party package
whenever there's something like this which a licensed software package
can't already do. 

Especially in outfits which have limited resources and staffing, this
isn't a viable solution both because of the outlay in licensing new
software and in setting up / supporting the new package; this does,
however, depend upon your business size, and the particular package in
question. 

Like I said, however, I'd be interested to see what commercial solutions
do exist for this and how resilient they are - part of the reason for my
apprehension is that in my experience a significant number of windows
network management packages and addons for Active Directory, etc, are
poorly integrated and don't represent terribly good value for money.

It's also something which Windows, as an integrated solution providing
VPN and Authentication packages, should be implementing already, as it's
well within the scope of both products, and could probably be
accomplished without breaking any standards which these products already
adhere to!

I haven't seen many implementations of token authentication in anything
but large/high-risk operations, but token authentication used for remote
access mitigates some of these issues; the uptake for token
authentication is shockingly low though given the extra layer of security it
provides, however.

kind regards,

 - James.

On Tue, 2005-02-08 at 12:47 +0530, prasenjit.saha@wipro.com wrote:
This process can be automated by implementing identity and access
management solution.

Thanks and Regards,

Prasenjit Saha
General Manager & Practice Head
Enterprise Security Solutions
Wipro Technologies

-----Original Message-----
From: James Eaton-Lee [mailto:james.mailing@gmail.com]
Sent: Monday, February 07, 2005 11:28 PM
To: William Stegman
Cc: focus-ms@securityfocus.com
Subject: Re: active directory password policy

Set the 'password does not expire' flag and make a note in your Outlook
calendar to call them every few months and get them to reset the
password either over the phone with one of your IT staff, onsite (if
they're ever onsite) or via terminal services.

I badger my remote staff whenever they're onsite (usually once a month)
and have them do it every few times they're here. Unfortunately, I
haven't found any more intelligent or efficient way of doing it than
this.

 - James.

On Fri, 2005-02-04 at 17:10 -0500, William Stegman wrote:
Does anyone have any experience with remote users who do not login to
the domain on a regular basis or at all, and have a password expiration
policy in effect? We can't seem to come up with a good plan to handle
these users. They only occasionally access domain resources such as
webmail via the Internet or an internal website to do timesheets via
vpn, and will not have the luxury of logging on to a machine connected
to our LAN and getting the warning about soon to expire passwords. If
our policy dictates passwords expire every 90 days, how can we avoid the
inevitable calls regarding password resets?

thx

William Stegman - Network Administrator

TransCore - Hummelstown
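
An added example, not part of the original thread: one way to spot the accounts William describes before their passwords lapse, by computing expiry from each account's `pwdLastSet` value and the 90-day policy, while also listing accounts that carry the "password does not expire" flag so that exemption stays visible. The account records, the 14-day notice window and the helper names are constructed for illustration; real records would come from a directory export.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ACCOUNTDISABLE = 0x2              # userAccountControl: account disabled
DONT_EXPIRE_PASSWORD = 0x10000    # userAccountControl: "password never expires"
MAX_PWD_AGE = timedelta(days=90)  # the 90-day policy from the question
WARN_WINDOW = timedelta(days=14)  # assumed notice period

def filetime_to_dt(ft):
    """pwdLastSet is a count of 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def triage(users, now):
    """Split enabled accounts into notify / expired / never_expires."""
    report = {"notify": [], "expired": [], "never_expires": []}
    for u in users:
        name, uac = u["sAMAccountName"], u["userAccountControl"]
        if uac & ACCOUNTDISABLE:
            continue
        if uac & DONT_EXPIRE_PASSWORD:
            report["never_expires"].append(name)  # exempt from policy: review
        elif u["pwdLastSet"] == 0:
            report["expired"].append(name)        # must change at next logon
        else:
            left = filetime_to_dt(u["pwdLastSet"]) + MAX_PWD_AGE - now
            if left <= timedelta(0):
                report["expired"].append(name)
            elif left <= WARN_WINDOW:
                report["notify"].append((name, left.days))
    return report

# Constructed sample records (hypothetical accounts), dated relative to NOW.
NOW = datetime(2005, 2, 8, tzinfo=timezone.utc)
def _rec(name, uac, age_days):
    return {"sAMAccountName": name, "userAccountControl": uac,
            "pwdLastSet": dt_to_filetime(NOW - timedelta(days=age_days))}
SAMPLE_USERS = [
    _rec("rlane", 0x200, 80),     # 10 days left -> notify
    _rec("mchen", 0x200, 30),     # 60 days left -> nothing to do
    _rec("tmills", 0x200, 120),   # already expired
    _rec("jdoe", 0x10200, 400),   # flag set -> never expires
    _rec("oldacct", 0x202, 200),  # disabled -> skipped
]

if __name__ == "__main__":
    print(triage(SAMPLE_USERS, NOW))
```

The `notify` list is what a scheduled job would mail out; the `never_expires` list is the set of accounts that the workaround in the thread removes from the 90-day policy.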


