In previous versions of AMS, you could randomize passwords using server-side tasks; these tasks still work, but they can be run on server schedule by using Quick Run or the Run Now feature. Additionally, policies can be applied to clients to be run on a client-side schedule. The settings for policies are the same settings that you would find under tasks, but with an additional "scheduling" feature.
Randomizing Passwords
It is a common practice that large enterprises Large enterprises commonly define a single, static password for use across thousands of computers. Given the ease by with which even extremely complex passwords can be compromised, the disclosure of passwords can jeopardize the security of an entire enterprise. Randomizing and cycling passwords is an easy and secure way that large public and private enterprises can ensure that security breaches do not occur. Randomizing passwords includesPassword randomization includes the following concepts:
- The password change interval : The frequency that - the frequency at which passwords are changed.
- The password complexity : The - the minimum password length of passwords combined with plus the use of alpha-numeric characters.
The Randomize The Randomize Administrator Password Policypolicy enables administrators to generate random passwords automatically , in on a schedule , for a defined collection . so that In a worst-case scenario , if a password somehow becomes compromised, then the compromised password allows will allow access only until the randomization period expires, and more importantly, access will apply to only applies to one computer.
| Info | ||
|---|---|---|
| ||
If the minimum Windows 7™ password policy requires 14 characters, and the LSS Randomize Administrator Password Policy policy requires 10, then the Randomize Administrator Password Policy policy will FAILfail on those Windows compouters. The LSS Randomize Administrator Password Policy policy must be at least the minimum number of what characters Windows requires. |