DON'T REINVENT THE COW

This is a place for Systems Administrators and IT Professionals to find and share ideas, solutions and templates. If you have something that helps you solve a problem, chances are it will help someone else too. So pay it forward and send an email to TheAgreeableCow at gmail. Full mudos to you!

Wednesday, 13 June 2012

Preventing Password Expirations with Custom Emails and Reports

One of the big sources of calls to the Helpdesk department is the fallout from expired passwords. Generally users will get a Windows message box at login warning about this, but I find that this basic prompt doesn't always work in practise. Firstly, by default it pops up way too early and is often more annoying for your users. Secondly, most people just tend to ignore it and often continue to do so until it is too late. Also, for environments that use Citrix published apps or terminal services sessions, there can be some delays in password replications and conflicts if users change their password at logon. This can lead to account lockouts and even more Helpdesk calls! Finally, if you happen to turn on some group policy features, this warning simply will not show up at all.

So, this project is about contacting your users via email and advising them with your own clear message that their passwords are about to expire. At the same time generate a simple report for the administrator, giving them a heads up to potential issues. The original script was sourced some time ago, so if I find the originator, I'll be sure to pass on all mudos.

Also note, that this script uses Quest's ActiveRoles. You can of course easily customise and use the native AD module. Once you're happy, set it up as a daily scheduled task. Ideally do this late in the afternoon, to remind users just before they are about to log off. Also have a look at customising the messages within the emails. You do want to keep this simple but informative. Keep in mind that since passwords can be sensitive and phishing is so easy, you don't want to establish bad behaviours (such as clicking on a hyperlink).

There are three broad sections in the script. The first is to email users whose passwords have expired. I find this a little counter intuitive, but some environments might find this handy. Perhaps they might still have Blackberry working or you might want simply want to send it as a record with information about how to avoid next time.

The second section is where it sends an email to each user whose password is expiring within your designated time. Personally I set this as less than 5 days. This is enough to cover weekend and part timers, but not so repetitive that it becomes annoying. Additionally, you might also have system accounts, so in these cases (where their isn't a valid email recipient), it will send the email to the administrator.

The final section is where it collects all of the users whose passwords are about to expire and all of the users whose passwords have expired, and wraps it up into a nice email report for the administrator. This can be handy, because you can see the people that are ignoring their emails as they just keep showing up in that report! A quick proactive phone call would be much appreciated by the user and the Helpdesk.

Here's the full script.


 Cheers,
         (__)
         (oo)  ok
   /------\/  /
  / |    ||
 *  /\---/\
    ^^   ^^


1 comment:

  1. Those new to online gambling may find selecting one of the best online on line casino in the USA a challenging task. However, should you keep things easy and follow this guide and ourcasino evaluations, it’ll turn into clear it’s an easy and enjoyable process. For greater than half a decade, a number of} events pursued bringing legal and controlled online on line casino gaming to the state. The effort started with thought that|the concept|the concept that} Michigan might turn into an internet poker-only market, but New Jersey changed the calculus when it licensed a full array of online on line casino gaming in 2013. Michigan online gambling sites are overseen by the Michigan Gaming Control Board, the same entity which regulates the retail casinos 토토사이트 in the state.

    ReplyDelete