Another option is simply to set the PwdLastSet attribute to 0 this will
force everyone to change their password. If you also set Password
complexity rules before you do this, it will force everyone to use a
complex password.
Raoul
krymson@gmail.com wrote:
This is just scary. While I won't ask you to share it if you can't, just keep
in mind the reason why you may need to do this. If you can phase it, for
instance, do 1,000 people a day so that you can avoid swamping your help desk
with the phone calls, that is better than doing all 10,000 out of the blue.
Definitely alert people well in advance that this will be happening.
If this is something you can do over the course of 30 days and have them
trickle in slowly, just force everyone to make a new password next time them
log in. After a month or two, audit the accounts for any that simply have not
rebooted in a month. Then make this a permanent policy.
Since you need to get a new password to users but need to verify them over the
phone, that kinda implies your help desk will need to contact the user, not the
other way around (I could call in and ask for John Doe's password, unless you
call me back...). And since you'll already have them on the phone, you may as
well distribute the passwords that way. Help desk sets a quick password, user
logs in, and is forced to change password so help desk no longer knows it.
As a last ditch effort if you have to do this tomorrow, I would suggest tonight
changing everyone's password to something random, and make them call the help
desk in the morning. The help desk can verify the user, change the password,
set it to require a new password on next logon, and get the user back in and
working...but be prepared for 10K users calling in that morning. Also, be
prepared for people not having logged off and finding some network services
don't work because their password is changed and now their account is locked
out. :)
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
--
Raoul Armfield
rarmfield at amnh dot org
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
