We help IT Professionals succeed at work.

Email User And reset Password

Levi101
Levi101 asked
on
Medium Priority
282 Views
Last Modified: 2013-12-04
Ok,

I would like a Software package or even create a Scheduled script that could complete the following proceedure on a regular basis

-Generate Random Password - Alpha Numeric
-Inform User of New Password and that it will be changed on Time and Date
-Reset Password on Given Time and Date

I have about 1600 users that i will need to do this for all have mail accounts.

The Network is windows 2003 and Exchange 2003

If it's not possible any advice on password security would be appreciated.

thanks
Comment
Watch Question

Have you looked into setting the built in windows password policies?

Why not require the user's to change their own passwords? That way, you don't have to e-mail them and then risk having passwords transmitted via e-mail.

You can require users to change their passwords say every 30, 60, or 90 days.  You can also set passsword complexity so that the password has to contain 3 of the following 4: numbers, upper and lower case letters, symbols.  You can also set a min. password length such as 8 characters.  

Author

Commented:
I have tried this and noticed even if I set the password to contain 8Character, Upper and lowerCase and 3 digits they will creat JoeSmith001 then in 30 days change it for JoeSmith002 etc, etc. This seems a bit pointless to me and not very secure.
That's true, but it would still help protect against brute force attacks and the like.

Also think about this point from a user perspective:

If you let them create their own passwords then at least maybe they will be more apt to remember then and not write them down and leave them on their desks.  

If you assign random passwords then more than likely your users will end up writing them down and keeping them near since it will be very hard to remember them. To me, this is much less secure.

Best practice tends to lean toward teaching your users how to create "good" passwords that are both complex, but easy for them to remember.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
If you were going to generate a random password, I would only do it for the initial one. luv2smile pretty much said it: teach people to create secure passwords... don't just force it on them. Also, have you implemented anything like an account lockout policy for a number of incorrect guesses?
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.