willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
re: subject, anyone maintain a system like this at the moment? We would like our Active Directory users to be able reset their passwords using custom questions and or other methods. Currently looking at LANDesk Password Central - interested to see what else is out there?
|
Neo
Member
Registered: 20th Feb 07
Location: Essex
User status: Offline
|
I looked into it before and trialed manage engine AD manager which worked well but was very expensive. Was a while back now though
|
LukesCorsaSXi
Member
Registered: 2nd Jan 11
Location: Sheffield
User status: Online
|
We use SSRPM - when a user signs in they are asked 5 questions. If a user wants their password resetting our first line guys usually go through the questions they have used and answer them accordingly.
Once setup a user is required to be in a certain OU group to push the initial SSRPM setup out to them.
|
Andrew
Member
Registered: 5th May 04
Location: Skoda Octavia Estate, Ford Puma
User status: Offline
|
If a user can't rememeber their own password, good luck getting them to go thorugh a series of questions.
|
Gaz
Member
Registered: 24th Aug 03
Location: Widnes, Cheshire
User status: Offline
|
I'm sure we have Manage Engine installed in work too but not live yet, but my old place used Quest IIRC.
Either way they are all the same from the front end, you need to work out what requirements you want from the back end and then simple design and promote it to your user base.
No-one likes having to do it themselves but the pro's far out way the con's for this type of tool especially if your are a 24/7 business.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
its a college, will come down to cost vs amount of calls we have logged in the past for password resets.
|
LukesCorsaSXi
Member
Registered: 2nd Jan 11
Location: Sheffield
User status: Online
|
quote:
Originally posted by Andrew
If a user can't rememeber their own password, good luck getting them to go thorugh a series of questions.
They're questions for which the answers do not change. For example; What is your maiden name? Or, what was your first car?
|
Richie
Member
Registered: 3rd Dec 02
Location: Newport, Wales
User status: Offline
|
For any of our clients that want self service password resets we use Quest Password Manager - pretty cheap if you have a good relationship with Dell.
Also has a handy feature for remote / VPN users where it caches the user reset info and allows for resets / unlocks when the user has no connectivity 
|
Gaz
Member
Registered: 24th Aug 03
Location: Widnes, Cheshire
User status: Offline
|
quote:
Originally posted by willay
its a college, will come down to cost vs amount of calls we have logged in the past for password resets.
Your problem will be ensuring the cost covers the correct level of security also. I'd imagine in the education side of IT support, you always have one smartarse trying to make life difficult for you.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
quote:
Originally posted by Gaz
quote:
Originally posted by willay
its a college, will come down to cost vs amount of calls we have logged in the past for password resets.
Your problem will be ensuring the cost covers the correct level of security also. I'd imagine in the education side of IT support, you always have one smartarse trying to make life difficult for you.
Not really, everything gets implemented with security in mind.
|
Richie
Member
Registered: 3rd Dec 02
Location: Newport, Wales
User status: Offline
|
Think what Gaz was implying is that there's always 1 cock in management that has a say in the solution and doesn't like the idea of self service password resets and sees it as a security risk. We have management on certain customers that don't allow us to use trunked ports to servers as they see it as a security risk 
So instead of me having 4U servers with 6x10GB interfaces (2 for management, 4 for all customer traffic vlans) ... I have over 30 1gb ports per server. It's a cabling nightmare and the customer is paying the price heavily!
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
 oh dear
Okay well thanks for that, I'm merely after product suggestions and names so I can go out there and seek trials, and of course any experience of said products would be helpful. We want to empower the students and free up the help desk but if its too much money then its too much money
|
Richie
Member
Registered: 3rd Dec 02
Location: Newport, Wales
User status: Offline
|
Quest really works well imo. Pricing direct is £4.11 per user that you want to enable self service on. If you buy hardware from Dell they will usually pull their pants down for you on the pricing. They did us a shockingly good deal on a recent customer that needed the use of Quest Migration Manager.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
Quest huh, I haven't heard that name since vranger, and Dell completely fucked that product up when they got bought out
|
Neo
Member
Registered: 20th Feb 07
Location: Essex
User status: Offline
|
Seen Nervepoint banded round as a free solution. Never tried it though but it seems to be rated highly
|
Kyle T
Premium Member
Registered: 11th Sep 04
Location: Selby, North Yorkshire
User status: Offline
|
quote:
Originally posted by Richie
For any of our clients that want self service password resets we use Quest Password Manager - pretty cheap if you have a good relationship with Dell.
Also has a handy feature for remote / VPN users where it caches the user reset info and allows for resets / unlocks when the user has no connectivity
We had this for years but eventually stopped licensing it at people just weren't enrolling to the system.
One of the nice features though was the "admin mode", you could essentially empower a shift supervisor or manager to perform password resets/unlocks for his/her team. Really useful for night shifts etc when the IT Helpdesk is only 9-5.
I think if I were to revisit this, you need to enforce enrollment from day 1. Security best policy conflicts with what you WANT to set your questions/answers to. Stuff like "first car", "mothers maiden name" is crap because it's all information freely available on Facebook most of the time. They need to be things that are more difficult to learn from a quick google, which usually means that the users themselves won't remember them
On the quest/dell front - we have a fairly large investment into Quest and Dell have only screwed a couple of bits up. It's their support which is mostly lacking as most of the Quest techs fucked off. I'm lucky to have access to an ex-Quest consultant though.
Lotus Elise 111R
Impreza WRX STi
|
