- Interact with Azure Cosmos DB with PowerShell - Tue, Sep 14 2021
- Azure health services: Track Microsoft cloud outages and maintenance - Wed, Sep 8 2021
- Powerline: Customize your PowerShell console - Tue, Aug 31 2021
- Help desk personnel constantly having to reset user passwords
- Fielding user complaints regarding password policy and change requirements
- Lack of self-service password reset
- Difficulty passing compliance audits because your password controls aren't granular enough
- Specops Password Policy: Substantial enhancement to native AD password policy
- Specops uReset: self-service password reset utilizing claims-based identity; supports authentication tokens from over 20 identity providers
- Specops Password Reset: End user–friendly self-service password reset and account unlock
- Specops Password Sync: Allows AD password to be used with non-AD and external SaaS resources
How Specops Password Policy works ^One thing I really like about Specops Password Policy is that it requires no database or other heavy infrastructure plumbing. Take a look at the following conceptual diagram I drew, and I'll walk you through the various parts and pieces of the solution:
- Specops Client: This agent should be deployed to every domain workstation.
- Specops Password Policy Sentinel: This is the password filter engine that should be installed on all Active Directory domain controllers.
- Specops Password Policy Administration Tool: Domain admins use this tool and the typical Windows Server Remote Server Administration Tools (RSAT) to manage Specops password policies.
- Maximum of 6 policies per domain
- Targets AD users and groups only
- Limited to built-in password policy (GPO) options
Install Specops Password Policy ^First of all, sign up for a free trial, and a Specops representative will send you a link to the installer package as well as a trial license file. Make sure you're logged on to a domain controller as an administrator and fire up the installation wizard as shown here: As you can see in the previous screenshot, the interface updates as you progress through each installation phase. This is useful because I find that when I perform a multi-phase product installation, I sometimes forget which components I've installed vs. which ones I haven't. The installer actually walks you through each administrative phase. For instance, the following interface screenshot shows the process of installing the domain controller sentinel component: At the conclusion of the Specops Password Policy installation process, you'll have extended Group Policy to include Specops-specific functionality and deployed the agent to your users. You're now ready to actually build your first policy.
Create your first Specops password policy ^On your administrative workstation, fire up the Specops Password Policy Domain Administration Tool. As usual, I'll give you a screenshot and then explain each major part of the interface:
- Domain Administration: Manage your license and enable/disable the service
- Domain Settings: Specify whether you need reversible password encryption and point the tool to your SMTP mail server for alerts
- Password Policy Sentinel state: Verify that Sentinel's running and on which domain controllers
- Configured password policies: View and edit any of your password policies
- Language files: Manage client language files; this is used to localize the software
- Password policy templates: Create, edit, and delete policy templates; the Microsoft and NSA templates ship with the product