[41001] in Resnet-Forum
Re: Password Reset Problems
daemon@ATHENA.MIT.EDU (Brian Gibson)
Fri Feb 5 10:41:22 2016
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------050901030500050103030202"
Message-ID: <56B4C28E.6000801@wheatoncollege.edu>
Date: Fri, 5 Feb 2016 10:41:02 -0500
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: Brian Gibson <gibson_brian@wheatoncollege.edu>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <C9753E8B40870A488B0D4E8D50FAC15A0EDE0495@Messenger9.central.edu>
This is a multi-part message in MIME format.
--------------050901030500050103030202
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
I don't know of a tool that will show the IP or Device but I'd first
have the AD admins check the Default Domain policy inside the AD Group
Management Console. It sounds like some of the settings for the password
policy may not be set to what is expected.
Under the Default Domain policy I believe the settings are under....
Computer Configuration -> Windows Settings -> Security Settings ->
Account Policies -> Password Policy
On 2/5/2016 10:29 AM, Sandy Verhoef wrote:
>
> Help!
> We use AD to authenticate our systems; and recently required all users
> to change their passwords. We also implemented a program from
> PortalGuard for self service password changes. This seemingly simple
> process is causing the Help Desk nightmares! Users have to remember to
> change passwords on all devices using our wifi and on mobile apps like
> email that sync with our servers. Following is the problem:
>
> Out of the clear blue, several days or even weeks after a seemingly
> successful password change, users are getting locked out of their
> accounts, the AD Lockout and Bad Passwords tool we are using indicate
> bad passwords. My question for you: Do you know of a tool that works
> with AD that will tell us the ip# or device that is showing a bad
> password?
>
> We are spending way to much effort in trying to track down what is
> causing this! Thank you so much in advance of your help.
>
> */Sandra Verhoef/*
>
> */Central College/*
>
> */IT Services/*
>
> */Director of Computer Support Services/*
>
> */641.628.7692/*
>
>
>
> ___________________________________________________ You are subscribed
> to the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> <http://LISTSERV.ND.EDU/archives/resnet-l.html>
> ___________________________________________________
>
> ___________________________________________________ You are subscribed
> to the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> <http://LISTSERV.ND.EDU/archives/resnet-l.html>
> ___________________________________________________
>
> ___________________________________________________ You are subscribed
> to the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--------------050901030500050103030202
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I don't know of a tool that will show the IP or Device but I'd first
have the AD admins check the Default Domain policy inside the AD
Group Management Console. It sounds like some of the settings for
the password policy may not be set to what is expected.<br>
<br>
Under the Default Domain policy I believe the settings are under....<br>
<br>
Computer Configuration -> Windows Settings -> Security
Settings -> Account Policies -> Password Policy<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 2/5/2016 10:29 AM, Sandy Verhoef
wrote:<br>
</div>
<blockquote
cite="mid:C9753E8B40870A488B0D4E8D50FAC15A0EDE0495@Messenger9.central.edu"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Copperplate Gothic Light";
panose-1:2 14 5 7 2 2 6 2 4 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Help!<br>
We use AD to authenticate our systems; and recently required
all users to change their passwords. We also implemented a
program from PortalGuard for self service password changes.
This seemingly simple process is causing the Help Desk
nightmares! Users have to remember to change passwords on all
devices using our wifi and on mobile apps like email that sync
with our servers. Following is the problem:<span
style="font-size:11.0pt"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Out of the clear blue, several days or even
weeks after a seemingly successful password change, users are
getting locked out of their accounts, the AD Lockout and Bad
Passwords tool we are using indicate bad passwords. My
question for you: Do you know of a tool that works with AD
that will tell us the ip# or device that is showing a bad
password?
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We are spending way to much effort in
trying to track down what is causing this! Thank you so much
in advance of your help.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><i><span
style="font-family:"Copperplate Gothic
Light",sans-serif;color:#17365D">Sandra Verhoef<o:p></o:p></span></i></b></p>
<p class="MsoNormal"><b><i><span
style="font-family:"Copperplate Gothic
Light",sans-serif;color:#17365D">Central College<o:p></o:p></span></i></b></p>
<p class="MsoNormal"><b><i><span
style="font-family:"Copperplate Gothic
Light",sans-serif;color:#17365D">IT Services<o:p></o:p></span></i></b></p>
<p class="MsoNormal"><b><i><span
style="font-family:"Copperplate Gothic
Light",sans-serif;color:#17365D">Director of
Computer Support Services<o:p></o:p></span></i></b></p>
<p class="MsoNormal"><b><i><span
style="font-family:"Copperplate Gothic
Light",sans-serif;color:#17365D">641.628.7692</span></i></b><span
style="font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="color:black"><br>
<br>
<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">___________________________________________________
You are subscribed to the ResNet-L mailing list.
<o:p></o:p></p>
<p>To subscribe, unsubscribe or search the archives, go to <a
moz-do-not-send="true"
href="http://LISTSERV.ND.EDU/archives/resnet-l.html"
target="_blank">
<a class="moz-txt-link-freetext" href="http://LISTSERV.ND.EDU/archives/resnet-l.html">http://LISTSERV.ND.EDU/archives/resnet-l.html</a></a>
___________________________________________________
<o:p></o:p></p>
<p class="MsoNormal">___________________________________________________
You are subscribed to the ResNet-L mailing list.
<o:p></o:p></p>
<p>To subscribe, unsubscribe or search the archives, go to <a
moz-do-not-send="true"
href="http://LISTSERV.ND.EDU/archives/resnet-l.html"
target="_blank">
<a class="moz-txt-link-freetext" href="http://LISTSERV.ND.EDU/archives/resnet-l.html">http://LISTSERV.ND.EDU/archives/resnet-l.html</a></a>
___________________________________________________
<o:p></o:p></p>
</div>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a moz-do-not-send="true"
href="http://LISTSERV.ND.EDU/archives/resnet-l.html"
target="_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
</p>
</blockquote>
<br>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href="http://LISTSERV.ND.EDU/archives/resnet-l.html" target="_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--------------050901030500050103030202--
