• Status: Solved

DO NOT prompt for old password in AD

Hello,

When changing passwords administratively (GP) in AD, is it possible to NOT prompt the user for their old password?

Thanks,
Mike
Asked by: cheesebugah
1 Solution
 
Brad Groux Commented:
As far as I know, no - for a user to change their password they'll need their old password. This is a security feature. If they do not know their password then an AD admin would need to right-click their user object and change their password. Of course before doing so, the AD admin should verify the identity of the user utilizing various methods like secret questions, knowledge of user information, etc.

Forefront has a password change portal, which may allow for not needing to provide the old password - http://technet.microsoft.com/en-us/library/jj134295(v=ws.10).aspx
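The two operations the answer above distinguishes, as an added example that was not posted by anyone in the thread: a password change, which supplies the old password, and an administrative reset, which does not. `Set-ADAccountPassword` and `Set-ADUser` are cmdlets from the ActiveDirectory module; the function names, `-TicketId` and `-IdentityVerified` are hypothetical.

```powershell
# Added example: Invoke-UserPasswordChange, Invoke-HelpDeskPasswordReset,
# -TicketId and -IdentityVerified are hypothetical names; the AD cmdlets are real.
Import-Module ActiveDirectory

# Change: the domain controller validates -OldPassword before accepting the new one.
function Invoke-UserPasswordChange {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][securestring]$OldPassword,
        [Parameter(Mandatory)][securestring]$NewPassword
    )
    Set-ADAccountPassword -Identity $Identity -OldPassword $OldPassword -NewPassword $NewPassword
}

# Reset: no old password is involved; the caller needs the "Reset password"
# right on the user object, so the identity check has to happen outside AD.
function Invoke-HelpDeskPasswordReset {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$TicketId,
        [switch]$IdentityVerified
    )
    if (-not $IdentityVerified) {
        throw "Refusing to reset '$Identity': caller identity not verified (ticket $TicketId)."
    }
    $temporary = Read-Host -AsSecureString -Prompt "Temporary password for $Identity"
    Set-ADAccountPassword -Identity $Identity -Reset -NewPassword $temporary
    # The help desk knows the temporary password, so force the user to replace it.
    Set-ADUser -Identity $Identity -ChangePasswordAtLogon $true
    # Return a record the help desk can attach to the ticket.
    [pscustomobject]@{
        Account    = $Identity
        Ticket     = $TicketId
        ResetBy    = [Environment]::UserName
        ResetAtUtc = (Get-Date).ToUniversalTime()
    }
}
```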
 
McKnife Commented:
Please explain what you are doing.
 
cheesebugah (Author) Commented:
Brad,

Thank you, I will check it out and see.

Thanks,
Mike
 
Natty Greg In Theory (IT) Commented:
No, you do not want to do that; then your system is left open for anyone to change anybody's password. It's a security feature for a reason.
 
cheesebugah (Author) Commented:
Well, we're a bank and in addition to typing in your password, you can use a fingerprint reader to log on. People get used to using the fingerprint reader and don't use their typed password and cannot remember it when the password duration threshold is reached. We then receive way too many help desk calls to have us assign them a password. It would be nice if the users could just change their password and not have to remember their old one.
 
Brad Groux Commented:
Removing the requirement for the old password would be a compliance nightmare considering you are a financial institution.
 
McKnife Commented:
Logically, before resetting, they will need to authenticate somehow. Of course there are many ways to do this, look at https://anixis.com/products/apr/default.htm for example.
 
cheesebugah (Author) Commented:
McKnife,

This looks very interesting and inexpensive.  This might work.  I'll check into it more and we'll see.  Thank you for the suggestion.

Thanks,
Mike
 
cheesebugah (Author) Commented:
This suggested program is great!  Just what I was looking for.  Thank you.
 
McKnife Commented:
Fine. We use anixis' PPE, also great. And no bugs, very good software and support. Simple, lightweight...