|
Self Service Reset Password Management is an application
which allows end-users to reset their own (Active Directory)
passwords. This eliminates the need for a helpdesk and system
administrators to service these requests when a user has
forgotten his or her password.
 ....Watch
Video
Less involvement of IT staff
Password reset requests form a substantial part of all
helpdesk calls. Such requests often show a peak on Monday
morning and during holiday seasons. Higher call volumes will not
only require extra staff to cope with the frustrating task of
resetting passwords. An organization also runs the risk that
other important Helpdesk tasks remain unattended or unresolved.
The password requests volume is also related to the password
procedures in an organization. The volume will increase
significantly if the password complexity rules are
enabled. The same will likely happen if the period allowed for a
password reset is reduced.
With SSRPM, end-users can reset their own passwords. They do
not have to wait until the helpdesk can service their requests.
This will drastically reduce both user downtime and the number
of calls to the Helpdesk.
Increased security
Few organizations have a strong policy in place for lodging
and servicing reset password requests. Imagine the consequences
if an employee calls the Helpdesk for a password reset request,
pretending to be the senior financial officer ‘John Smith’.
SSRPM offers end-users an interface which is both secure and
easy to use. At the same time, administrators are offered full
control over the validation process. They determine the
validation questions and specify how many questions must be
correctly answered to allow a password reset. This virtually
eliminates any possible errors in the reset password process.
How does it work?
Self Service Reset Password Management is based on the principle
that an end-user can reset his own password, without
involvement of the helpdesk, by simply answering a series of
challenge questions (e.g. “What is the name of your best
friend?”).
Self Service Reset Password Management consists of three main
software components:
| 1. |
The SSRPM User Client Software
Based on a GPO on an OU/domain, a small piece of
software needs to be installed on every workstation in
the corresponding OU/domain. This software communicates
with the central SSRPM service to allow end-users to
reset their passwords and adds an extra "Forgot my
password" to the standard Windows logon dialog.
When the end-user logs on, the software will check with
the central SSRPM Service if the user has already
enrolled into SSRPM. If not, the user will be asked
automatically to enroll. The end-user is allowed to skip
the enrollment. If the end-user hits the button “Forgot
my password” and the end-user has enrolled, the software
will retrieve the set of questions and answers from the
central service and the end-user can start the process
of resetting the password. The final password reset is
performed by the central SSRPM Service.
After the reset, the end-user can log in immediately
using the logon dialog. |
| 2. |
The SSRPM Service
The central SSRPM service stores all the answers in the
SSRPM database (as an MD5 encrypted irreversible hash
value) and processes the reset password requests. The
service is installed during the installation process of
Self Service Reset Password Management. For a succesfull
installation, the service must have access to a Windows
Domain Controller. The service is managed by the SSRPM
Admin Console. |
| 3. |
The SSRPM Admin Console
The SSRPM Admin Console is operated by the sys admin and
the helpdesk. It guides the sys admin through the
installation of the central SSRPM service. The admin
console also assists in the enrollment process and in
monitoring service events (for instance: password resets
or end-user enrollments) during normal operation through
the SSRPM Dashboard and several overviews. |
Features
General
 |
"Forgot my password" button on the login dialog. |
|
|
Multiplatform support, to be able to for instance
reset the password of a user account on other systems,
like: UNIX, Linux, Novell and a lot more. |
|
|
Windows Vista support, with which a "Forgot My
Password" link will be added to the Windows Vista logon
screen. |
|
|
Multilingual support for the languages: English,
French, German, Italian, Spanish, Polish, Portuguese and
Dutch. |
|
|
COM interface to support full end-user web
functionality, so that users can enroll and reset their
passwords via a web browser. |
|
|
End-users can reset their password and unlock their
account without intervention of the helpdesk. |
|
|
Enrollment is integrated in the user login. If a
user logs on when he/she is not yet enrolled he/she will
be asked automatically to enroll. |
|
|
Number of questions, which questions, number of
retries can be determined by the sys admin with the
SSRPM Admin Console |
|
|
Password is reset and account is unlocked in Active
Directory, other platforms and applications will follow
shortly. |
Sys admin features
|
|
Easy to use wizard interface to roll out SSRPM into
the organization. |
|
|
SSRPM can be configured on domain or OU level. |
|
|
Configurable number of questions. |
|
|
Password complexity confirmation suggestions when an
end-user resets his password. Like "Make sure that you
password is 7 characters long". |
|
|
Fully integrated logging of all SSRPM actions in the
network by console and end-users. |
|
|
Sys admin can be notified when an event occurs (for
instance when a user enrolls or resets his or her
password). |
Security settings
|
|
Support for password policy enforcement
capabilities: Password History, Minimum Password Age and
Password Complexity. |
|
|
End-user answers are encrypted and stored with MD5
irreversible hash key. |
|
|
Number of retries can be set. |
|
|
Number of predefined and end-user questions can be
set. |
|
|
Different security levels can be used from weak to
strong. |
|
|
Enable/disable the option to show end-user which
answer is wrong. |
|
|
Enable/disable readable answers typed in by
end-user. |
|
|
Several answer comparison options to improve
security. |
SSRPM Admin Console
|
|
Global overview of end-users which are not enrolled,
enrolled. |
|
|
Overview of wrong password reset requests. |
|
|
Dashboard overview of the current status of SSRPM. |
|
