Automatic Password Management - when passwords on many autonomous workstations NEED to change every 90 days
Posted on 2006-10-31
Because of recent regulations and security requirements in the credit card industry, it is required that all machines that have access to credit card info meet a strict set of rules. CISP, PCI, and others.
Anyway, one of these rules state that passwords must be changed at least once every three months on every machine. That's a tough one for point of sale systems. There are places with 20 or 30 workstations that aren't logged in by anyone, they are just suppose to be always on. Anyway, those must still be changed, and to manually do that, even with the help of a script, every 3 months for many many clients... is simply not feasible.
So, my question is, are there any applications or methods we can use so that passwords can be changed automatically, or at least much more easily, and then have the passwords stored in another file which is secured with a password that we'd manage manually.
I envision a program running on a server, where every 88 days, it'll change the passwords automatically on all the winxp clients, then the password on the server itself, using a predefined list, or perhaps a randomly generated password that is recorded locally.