Solved

Automatic Password Management - when passwords on many autonomous workstations NEED to change every 90 days

Posted on 2006-10-31
7
183 Views
Last Modified: 2013-12-03
Because of recent regulations and security requirements in the credit card industry, it is required that all machines that have access to credit card info meet a strict set of rules.  CISP, PCI, and others.

Anyway, one of these rules state that passwords must be changed at least once every three months on every machine.  That's a tough one for point of sale systems.  There are places with 20 or 30 workstations that aren't logged in by anyone, they are just suppose to be always on.  Anyway, those must still be changed, and to manually do that, even with the help of a script, every 3 months for many many clients... is simply not feasible.  

So, my question is, are there any applications or methods we can use so that passwords can be changed automatically, or at least much more easily, and then have the passwords stored in another file which is secured with a password that we'd manage manually.  

I envision a program running on a server, where every 88 days, it'll change the passwords automatically on all the winxp clients, then the password on the server itself, using a predefined list, or perhaps a randomly generated password that is recorded locally.

Thoughts/Ideas/suggestions?
0
Comment
Question by:swiftny
  • 3
  • 2
  • 2
7 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17845332
exacly which passwords are you talking about?  domain user accounts, local admin accounts, random local accounts or what?
0
 
LVL 1

Author Comment

by:swiftny
ID: 17845356
the way the systems are setup now, it's just local accounts on a workgroup. no domain.

if  a domain was absolutely necessary, I would reconsider the way we configured our systems.  
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17845594
once again:

EXACTLY which passwords are you talking about?  domain user accounts, local admin accounts, random local accounts or what?

are the accounts admin accounts? are they random local 'user' accounts, are all the accounts named the same?

0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 1

Author Comment

by:swiftny
ID: 17845675
They are all local admin accounts defined in windows which must have access to shares on the main sever.  They are all named the same.

These are the username/passwords that are used to login to the machine.  Currently the machines login automatically if they are restarted (which happens daily), and must continue happening.

Need any more clarification
0
 
LVL 9

Expert Comment

by:FixingStuff
ID: 17853315
This can be handled by setting a Group Policy on each machine using GPedit.msc, nav to Computer Config, Windows Settings, Security Settings, Account Policies, Password policy.  There you will see "Maximum password age" among several other settings.
This is much easier to manage on an Active Directory domain, but I think it can be scripted and/or pushed out to each machine... have not done it without AD myself. The policy will be applied to all local accounts, admin, guest, normal user whatever.
FS-
0
 
LVL 1

Author Comment

by:swiftny
ID: 17853631
But that won't let me change everyones password right, only the maximum age... the age I have to leave at 90 days.  I just don't want to go and manually change the password every 89 days.   I'm talking hundreds of workstations.
0
 
LVL 9

Accepted Solution

by:
FixingStuff earned 500 total points
ID: 17854480
Correct... so you don't want the users to change passwords, you want a central system to force a new password on all workstations every 90 days?  
I can understand that you don't want check stand clerks changing the passwords, however, what is the point of even having a password if the workstation auto logs in anyway?  Or am I all wrong?... I'm not sure what "workstations that aren't logged in by anyone, they are just suppose to be always on" means. They have to start up at some point.
There is another policy that will start bugging the user to change the password X number of days before a force of password change.  My thought would be that a store manager would be required to change those upon being bugged.
Do these POS workstations even retain any credit card data? and therefore even subject to the password change rules?
FS-
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Cloud-based technologies and services will continue to grow in popularity in 2017 thanks to the simple, scalable and cost-effective solutions they deliver. Here are three areas where cloud adoption is poised to really take off.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now