Overriding Active Directory's Password Policies

Pre-Requisites:

Nervepoint Access Manager configured and connected to an Active Directory server.

 

Nervepoint Access Manager provides the ability to set additional password rules for user passwords over and beyond that offered by Active Directory. In this article we show you just how easy it is to setup.

 

Configuring Your Own Password Policies

  1. Logon to Nervepoint Access Manager with the admin user and go to the Directories page.

  2. To the right of the page you will see the current rule set that a password must meet, this rule set will have been pulled directory from the Active Directory settings.

  1. To edit these rules select the Edit Rules option to the right of the password rules.

  2. The Edit Password Policy window is opened by default Nervepoint's Password Policy options are disabled the option must be enabled before additional password rules can be set.

  1. There are three groups of options that can be set:

  • Password Length - the Minimum and Maximum Password length

  • Included Words - the two options in this section determine if the password can contain the account username or words from the dictionary

  • The Password Criteria - this first specifies the number of criteria that must be matched to form a valid password, the next four options each specify how many characters must be provided to meet the criteria for that character type.

 

In the example below the password policy has been changed so that a password must be at least 8 characters in length up to a maximum of 127 characters. Passwords must not contain the username but can use dictionary words they must also match at least 3 of the criteria which are now a minimum of 3 numbers, 2 upper case characters, 3 lower case letters, or 2 symbols.

 

 

6. Select the Save option to confirm the changes to the password policy.

 

 

Note: that while this functionality will allow you to set a higher level of security for user passwords it currently will not allow you to set a weaker password policy than the one currently used by Active Directory. If a weaker password policy is set then Active Directory may reject any passwords that do not meet its requirements.

 

Once the new Password Policy has been configured and saved Nervepoint Access Manager will automatically begin using the new policy for new passwords.

 

Setting new Passwords as a User

When a user attempts to change their password using Nervepoint Access Manager, either through their account interface or through the Password Reset function, the new password that they provide must meet the new password policy rules, these will be displayed for them.

 

Note that these rules will only be used when the password is changed through Nervepoint Access Manager, if a password is changed within the Active Directory these rules will not be enforced.

 

 

Disabling Password Policies

Should you decide to disable the Password Policy that has been configured you should make sure to resynchronise the connection to Active Directory in order to ensure that the AD rules are re-established. If not your server will continue to use the previous password policy until it performs an automatic resynchronisation.

 

 

You can find a video tutorial explaining this process on our youtube channel (http://youtube.com/nervepointtech) at http://youtu.be/5-XwX8HyAF8.

Have more questions? Submit a request

Comments

Powered by Zendesk