In previous versions of AMS, you could randomize passwords using server-side tasks; these tasks still work, but they can be run on server schedule by using Quick Run or the Run Now feature. Additionally, policies can be applied to clients to be run on a client-side schedule. The settings for policies are the same settings that you would find under tasks, but with an additional "scheduling" feature.
Randomizing Passwords
It is a common practice that large enterprises define a single, static password for use across thousands of computers. Given the ease by which even extremely complex passwords can be compromised, the disclosure of passwords can jeopardize the security of an entire enterprise. Randomizing and cycling passwords is an easy and secure way that large public and private enterprises can ensure that security breaches do not occur. Randomizing passwords includes:
- The password change interval: The frequency that passwords are changed.
- The password complexity: The minimum length of passwords combined with the use of alpha-numeric characters.
The Randomize Password Policy enables administrators to generate random passwords automatically, in a schedule, for a defined collection. In a worst case scenario, if a password somehow becomes compromised, the compromised password allows access only until the randomization period expires, and more importantly, access only applies to one computer.
Failure of the Randomize Password Policy
If the minimum Windows 7™ password policy requires 14 characters, and the LSS Randomize Password Policy requires 10, the Randomize Password Policy will FAIL on those Windows compouters. The LSS Randomize Password Policy must be at least the minimum of what Windows requires.