- Azure AD certificate-based user authentication - Wed, May 11 2022
- Passwordless authentication with FIDO2 and Azure Active Directory - Mon, Apr 25 2022
- Sync KeePass for Windows with Android and iOS - Thu, Apr 14 2022
With the ongoing COVID-19 pandemic, most organizations have shifted their workforces so that employees are primarily working from home. In this stance, organizations have to adapt their troubleshooting and support activities to accommodate employees at home.
A common pain point with helpdesk activities is expired passwords. Most organizations have a password policy in place as part of their security posture that forces end users to change passwords after a specified period. Inevitably, end users wait until the last minute or have their passwords expire before changing them. This can certainly lead to headaches for IT support staff and both on-premises and remote workers.
If you have been around the world of Microsoft Active Directory (AD) for any length of time, you have probably seen Specops at some point. They have long been creating great tools for AD environments that provide functionality seemingly missing in the native AD feature set.
Specops Password Notification is a great little tool that gives organizations a streamlined and simplified way to send out password expiration notification emails to end users at specified intervals and with varying urgency, depending on how close end users are to password expiration.
The Password Notification tool provides three benefits to your organization and helpdesk activities:
- Remind end users of password expiration via email: While you can use certain native AD tools and PowerShell scripts, many of these are unreliable when end users are working remotely, especially via VPN. The Specops tool sends password expiration notifications via email. Thus, end users will see password change reminders regardless of how or even if they are not connected to the corporate network.
- Provide customized email notifications: Crucial aspects of the password expiration emails are customizable. This includes how long before password expiration to send out emails and how often to send them. You can customize the body of the email as well as other details like the priority and interval. If you have different sites in your organization that are in different time zones, you can configure the Password Notification tool for different time zones as well.
- Ease helpdesk burden due to password changes: Working out end-user password problems can take a tremendous amount of time from the helpdesk when they can be troubleshooting and helping with other issues. According to Gartner, 20–50% of all support calls relate to end-user password issues. Having the ability to email end users when their passwords are approaching expiration is a great way to avoid a large portion of helpdesk calls.
You manage Specops Password Notification with a Group Policy snap-in that you install with the Specops Administration Tools. Configuring the Specops Password Notification tool is straightforward. You accomplish everything in the GPMC snap-in. After you install the Specops tool on a server of your choosing as well as the Specops Administrative Tools, you will see a new entry under the User Configuration > Policies > Windows Settings area of your group policies called Specops Password Notifications. When you click this node, you will see the option to Create Configuration as shown below.
When you click the option to Create Configuration, this will launch a simple three-step process to configure the Specops Password Notification policy portion of your Group Policy Object (GPO). You will configure the:
- Email notification templates
- Date format
- SMTP configuration
Email notification templates ^
Under the Email notification templates, you have several options to customize the emails sent to your end users:
- Sender address
- Sender display name
- Email priority
One of the neat things you can do with the tool is specify customized days to send the reminders on. As you can see below, I have configured sending reminders 15 days out, 7 days out, and then one a day from the fifth day to the second day. Then you can create a customized template for the final day if you want. Below I have a custom template for the final day that turns up the email priority.
Date format ^
A simple but powerful feature of the Date Format configuration is that the date format is relevant per GPO. This means you can have the Password Notification tool send password expiration emails based on the user's time zone the GPO applies to.
SMTP configuration ^
The SMTP Configuration screen allows configuring your SMTP server to send the emails. It supports configuration for authentication as well as encryption, which will allow interoperability with most if not all email servers.
Specops is doing their part during the current world situation with COVID-19. They are providing a free license for the Specops Password Notification utility, helping to ease support activities at this time. All you have to do is have a valid company email address and provide this information by way of a fillable form to receive the download and license key good until December 31, 2020.
According to a statement from their CEO, Marcus Kaber:
We want to help reduce the load on IT departments with freeware that solves a real problem," said Marcus Kaber, CEO at Specops Software. "Releasing a freeware version of Password Notification is how Specops Software can help companies during this crisis. The whole company has come together quickly to release this freeware, as well as the recent release of Password Auditor where IT departments can see which of their users have leaked passwords.
Wrapping up and impressions ^
The Specops Password Notification tool is a great utility that will allow your organization to remind end users proactively their passwords are about to expire. The customizable reminder days along with the date formats allow easy customization of the reminder emails for the intervals that align with your end users as well as their time zones.
Subscribe to 4sysops newsletter!
This excellent tool is now free until the end of the year. Be sure to download a free copy of Specops Password Notification here.