• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 269
  • Last Modified:

Email User And reset Password


I would like a Software package or even create a Scheduled script that could complete the following proceedure on a regular basis

-Generate Random Password - Alpha Numeric
-Inform User of New Password and that it will be changed on Time and Date
-Reset Password on Given Time and Date

I have about 1600 users that i will need to do this for all have mail accounts.

The Network is windows 2003 and Exchange 2003

If it's not possible any advice on password security would be appreciated.

  • 2
1 Solution
Have you looked into setting the built in windows password policies?

Why not require the user's to change their own passwords? That way, you don't have to e-mail them and then risk having passwords transmitted via e-mail.

You can require users to change their passwords say every 30, 60, or 90 days.  You can also set passsword complexity so that the password has to contain 3 of the following 4: numbers, upper and lower case letters, symbols.  You can also set a min. password length such as 8 characters.  
Levi101Author Commented:
I have tried this and noticed even if I set the password to contain 8Character, Upper and lowerCase and 3 digits they will creat JoeSmith001 then in 30 days change it for JoeSmith002 etc, etc. This seems a bit pointless to me and not very secure.
That's true, but it would still help protect against brute force attacks and the like.

Also think about this point from a user perspective:

If you let them create their own passwords then at least maybe they will be more apt to remember then and not write them down and leave them on their desks.  

If you assign random passwords then more than likely your users will end up writing them down and keeping them near since it will be very hard to remember them. To me, this is much less secure.

Best practice tends to lean toward teaching your users how to create "good" passwords that are both complex, but easy for them to remember.

If you were going to generate a random password, I would only do it for the initial one. luv2smile pretty much said it: teach people to create secure passwords... don't just force it on them. Also, have you implemented anything like an account lockout policy for a number of incorrect guesses?

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now