Understanding the Random Password Policy
The Random Password policy lets you generate random passwords automatically, in a schedule, for a defined collection. So, even if a password somehow becomes compromised, it will only be good until the randomization period expires, and it will only apply to the one computer.
Usually large enterprises define a single, static password for use across thousands of computers. Given the ease by which even complex passwords can be compromised, the disclosure of passwords can jeopardize the security of an entire enterprise.In previous versions of AMS, you could randomize passwords using server-side tasks; these tasks still work, but they can be run on server schedule by using Quick Run or the Run Now feature. Additionally, policies can be applied to clients to be run on a client-side schedule. The settings for policies are the same settings that you would find under tasks, but with an additional "scheduling" feature.
Randomizing Passwords
It is a common practice that large enterprises define a single, static password for use across thousands of computers. Given the ease by which even extremely complex passwords can be compromised, the disclosure of passwords can jeopardize the security of an entire enterprise. Randomizing and cycling passwords is an easy and secure way that large public and private enterprises can ensure that security breaches do not occur. The Random Randomizing passwords includes:
- The password change interval: The frequency that passwords are changed.
- The password complexity: The minimum length of passwords combined with the use of alpha-numeric characters.
The Randomize Password Policy enables administrators to generate random passwords automatically, in a schedule, for a defined collection. In a worst case scenario, if a password somehow becomes compromised, the compromised password allows access only until the randomization period expires, and more importantly, access only applies to one computer.
Info | ||
---|---|---|
| ||
If the minimum Windows 7™ password policy requires 14 characters, and the LSS Randomize Password Policy requires 10, the Randomize Password Policy will FAIL on those Windows compouters. The LSS Randomize Password Policy must be at least the minimum of what Windows requires. |