Email User And reset Password


I would like a Software package or even create a Scheduled script that could complete the following proceedure on a regular basis

-Generate Random Password - Alpha Numeric
-Inform User of New Password and that it will be changed on Time and Date
-Reset Password on Given Time and Date

I have about 1600 users that i will need to do this for all have mail accounts.

The Network is windows 2003 and Exchange 2003

If it's not possible any advice on password security would be appreciated.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Have you looked into setting the built in windows password policies?

Why not require the user's to change their own passwords? That way, you don't have to e-mail them and then risk having passwords transmitted via e-mail.

You can require users to change their passwords say every 30, 60, or 90 days.  You can also set passsword complexity so that the password has to contain 3 of the following 4: numbers, upper and lower case letters, symbols.  You can also set a min. password length such as 8 characters.  
Levi101Author Commented:
I have tried this and noticed even if I set the password to contain 8Character, Upper and lowerCase and 3 digits they will creat JoeSmith001 then in 30 days change it for JoeSmith002 etc, etc. This seems a bit pointless to me and not very secure.
That's true, but it would still help protect against brute force attacks and the like.

Also think about this point from a user perspective:

If you let them create their own passwords then at least maybe they will be more apt to remember then and not write them down and leave them on their desks.  

If you assign random passwords then more than likely your users will end up writing them down and keeping them near since it will be very hard to remember them. To me, this is much less secure.

Best practice tends to lean toward teaching your users how to create "good" passwords that are both complex, but easy for them to remember.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
If you were going to generate a random password, I would only do it for the initial one. luv2smile pretty much said it: teach people to create secure passwords... don't just force it on them. Also, have you implemented anything like an account lockout policy for a number of incorrect guesses?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.