NT Gatekeeper: Using Tools to Set Up a Self-Service NT 4.0 Password-Reset Service

I'm the Windows NT 4.0 security administrator for a multinational company with NT Help desks in Dallas, Singapore, and Dublin, Ireland. The Help desks receive many requests to reset users' passwords. To reduce the password-reset load on the company's Help desks, I want to set up a self-service password-reset service in my company's major locations to let users securely reset their NT passwords without Help desk intervention. Do you know of any commercial software products that provide such functionality?

Several software solutions provide secure password-reset functionality. Table 1 lists some of these products and their vendors. To determine whether to let a user reset a password, Proginet's SecurPass-Reset, Entact Information Security's ENTACT!Reset, CyberForm Development's Password Simple, Courion's PasswordCourier, and BindView's bv-Admin Password Self Service all use a Q&A mechanism. You can customize the Q&A and let users access it through a Web site. The Q&As are based on stored personal information in a company's SAM or in the human resources (HR) database. If a user's answers match the data stored in the repository, the system automatically performs a password reset. Sample questions are "What's your mother's maiden name?" and "What's the zip code of the city where you live?"

TESIS's TESIS/Password-Reset requires that a user successfully authenticate two additional accounts before the program will let the user reset a password. The two other accounts fill in their passwords on the password-reset Web page to authorize the user's password reset. (Your Help desk administrators or other members of your IT staff can help fulfill this role.)

In all cases, a password-based, Secure Sockets Layer (SSL)-based, or combined password/SSL-based authentication solution secures access to the password-reset Web page. Users receive the password or certificate that they need to access the secured password-reset Web page through secure email or another secure out-of-band (OOB) delivery channel.

Provisioning software (i.e., software that automatically synchronizes different account databases based on a master database or directory) such as Business Layers' eProvision Day One and Access360's enRole is another kind of product that usually includes a secure password-reset facility.
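
The Q&A check described above, in which a reset proceeds only if the user's answers match the stored data, is shown here as an added example that is not taken from any of the listed products. The record fields, the `ResetGate` class, and the three-attempt lockout are assumptions made for illustration.

```python
import hmac
import unicodedata

MAX_FAILURES = 3  # assumed lockout threshold, not from the article

# Constructed sample repository standing in for the SAM/HR data store.
HR_RECORDS = {
    "jdoe": {"mother_maiden_name": "O'Brien", "home_zip": "75201"},
}


def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and whitespace so ' o'brien' matches "O'Brien"."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


class ResetGate:
    """Decides whether a self-service reset may proceed for a user."""

    def __init__(self, records, max_failures=MAX_FAILURES):
        self.records = records
        self.max_failures = max_failures
        self.failures = {}  # username -> consecutive failed attempts

    def is_locked(self, user: str) -> bool:
        return self.failures.get(user, 0) >= self.max_failures

    def verify(self, user: str, answers: dict) -> bool:
        if self.is_locked(user):
            return False  # locked: route the request to the Help desk
        stored = self.records.get(user, {})
        ok = bool(stored)  # unknown users can never pass
        # Check every question with no early exit, so the outcome
        # does not reveal which individual answer was wrong.
        for question, expected in stored.items():
            given = answers.get(question, "")
            ok &= hmac.compare_digest(normalize(given), normalize(expected))
        if ok:
            self.failures.pop(user, None)
        else:
            self.failures[user] = self.failures.get(user, 0) + 1
        return ok
```
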
