Hi,

I'm using ARS 4.0 and I would like set the password field, in the User Form,
a minimum password length and/or if it's possible an Aging(determines how
quickly a password expires). This all should be independent from the
operating System. If this are not possible please tell me if it is possible
in ARS 4.5 or 5.0.

_____________________________

This can be accomplished through workflow.

- Create a date/time field in the User form for tracking the last password
change.
- Create a display-only form for changing passwords.
- Each time the user changes their password update the new date/time field
in the User form.
- On the primary form (Control Panel?) create an active-link that runs at
Window-Open that retrieves the date/time field from the User form. Check to
see if the date/time is greater than xx days old. (The setting of xx days
could be hard-coded within the active-link or better yet, stored in another
form and retrieved when needed.) If the password needs to be changed
display the change-password display-only form.
- On the change-password form check the length of the password when it is
entered. If the password is too short then display a message. (The setting
of the password length could be hard-coded within the active-link or stored
in another form and retrieved when needed.)

Fortunately, other developers have already create change-password forms and
are available online. Here are a few of the links.

http://www.mainhelpdesk.com/
http://www.users.globalnet.co.uk/~sandersd/
http://www.allremedy.com/download.asp

Stephen Heider
Senior Software Engineer/Remedy Lead
TransWorld Cyber Solutions, Inc.


-----Original Message-----
From: Arif Yilmaz [mailto:zzg-problemmanagement-izb@IZB.DE]
Sent: Monday, August 27, 2001 4:16 AM
To: ARSLIST@LISTSERV.VISTAIT.COM
Subject: Password Management


**

Hi,

I'm using ARS 4.0 and I would like set the password field, in the User Form,
a minimum password length and/or if it's possible an Aging(determines how
quickly a password expires). This all should be independent from the
operating System. If this are not possible please tell me if it is possible
in ARS 4.5 or 5.0.

________________
_____________


You may also control your subscription options, including UNSUBSCRIBE, at
www.ARSLIST.org

_____________________________

Hi

Password expiry date. I could suggest a messy way to do this. I haven't
really tried it out but it was just a brainwave that happened while reading
your mail. Like most brainwaves, this idea is perhaps half-cooked, raw and
immature. But it may help you proceed perhaps in the same line of thought
into developing something better.

You could add a date field on your password form which could be called
something like 'Password expires on'. An active link can be made to
calculate this date according to your need that fires on Submit or Modify.

Once this date has been crossed, an Escalation can be run on the system that
'locks' the user account by modifying the user record so that he does not
have access to his key applications, by removing him from all permission
groups. The administrator of the system could then 'reset' this user
account.

It ma be advisable to exclude the administrative user from this workflow and
keep his account such that he does not have to change his password. Also
advisable to leave system accounts if any, accounts such as ones that auto
generates tickets when problems/events occurs in other systems that are
integrated with Remedy.

You could also probably introduce other options such as a radio button field
that says 'Password Expiry' with options like:
1) Password Never Expires 2)Password Expires Periodically

Fire the workflow to set the next password change date if the second option
is selected.

This is a half - cooked idea I know, but its already the end of my day here,
nevertheless pleased to comment, as always!! Probably Gidd has something
better up his sleeve.....

Cheers

Joe DeSouza
CyberMAK Information Systems,
Kuwait.
Mobile : +965 940 6129.

-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:ARSLIST@LISTSERV.VISTAIT.COM]On Behalf Of Arif Yilmaz
Sent: Monday, August 27, 2001 11:16 AM
To: ARSLIST@LISTSERV.VISTAIT.COM
Subject: Password Management


**

Hi,

I'm using ARS 4.0 and I would like set the password field, in the User Form,
a minimum password length and/or if it's possible an Aging(determines how
quickly a password expires). This all should be independent from the
operating System. If this are not possible please tell me if it is possible
in ARS 4.5 or 5.0.

________________
_____________


You may also control your subscription options, including UNSUBSCRIBE, at
www.ARSLIST.org

_____________________________

Joe/Arif,

We use a similar system to what you propose with a few differences.

(1) We use the Modified-date on the User schema.
(2) An weekly escalation runs on User Records not modified for more than 8
week, and sends an Email notification telling them their account will
expire.
(3) Another runs after 10 weeks telling them this is their last chance
(4) Another runs after 11 weeks which sets the password to a value (unknown
to the user) effectively locking the account. The user will need to ring
the help desk to reset their password.
(5) A macro runs weekly which looks for User record last updated by
AR_ESCALATOR and last modified more than 6 weeks ago. These records are
deleted!!!

All in all a brutal but efficient system. passwords are regularly updated
and idle accounts are systematically removed. Not a perfect system and it
wasn't entirely popular when it went in, but it's better than nothing.



regards,


Barry Cox
Remedy Technical Consultant


CSC Australia


Phone +61 2 4222 7866
Fax +61 2 4222 7707
email bcox6@csc.com.au



Joe DeSouza
M> cc:
Sent by: "Action Subject: Re: Password Management
Request System
discussion
list(ARSList)"
STAIT.COM>


28/08/01 00:30
Please respond to
"Action Request
System discussion
list(ARSList)"






**

Hi

Password expiry date. I could suggest a messy way to do this. I haven't
really tried it out but it was just a brainwave that happened while reading
your mail. Like most brainwaves, this idea is perhaps half-cooked, raw and
immature. But it may help you proceed perhaps in the same line of thought
into developing something better.

You could add a date field on your password form which could be called
something like 'Password expires on'. An active link can be made to
calculate this date according to your need that fires on Submit or Modify.

Once this date has been crossed, an Escalation can be run on the system
that
'locks' the user account by modifying the user record so that he does not
have access to his key applications, by removing him from all permission
groups. The administrator of the system could then 'reset' this user
account.

It ma be advisable to exclude the administrative user from this workflow
and
keep his account such that he does not have to change his password. Also
advisable to leave system accounts if any, accounts such as ones that auto
generates tickets when problems/events occurs in other systems that are
integrated with Remedy.

You could also probably introduce other options such as a radio button
field
that says 'Password Expiry' with options like:
1) Password Never Expires 2)Password Expires Periodically

Fire the workflow to set the next password change date if the second option
is selected.

This is a half - cooked idea I know, but its already the end of my day
here,
nevertheless pleased to comment, as always!! Probably Gidd has something
better up his sleeve.....

Cheers

Joe DeSouza
CyberMAK Information Systems,
Kuwait.
Mobile : +965 940 6129.

-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:ARSLIST@LISTSERV.VISTAIT.COM]On Behalf Of Arif Yilmaz
Sent: Monday, August 27, 2001 11:16 AM
To: ARSLIST@LISTSERV.VISTAIT.COM
Subject: Password Management


**

Hi,

I'm using ARS 4.0 and I would like set the password field, in the User
Form,
a minimum password length and/or if it's possible an Aging(determines how
quickly a password expires). This all should be independent from the
operating System. If this are not possible please tell me if it is possible
in ARS 4.5 or 5.0.

________________

_____________


You may also control your subscription options, including UNSUBSCRIBE, at
www.ARSLIST.org

_____________________________



You may also control your subscription options, including UNSUBSCRIBE, at
www.ARSLIST.org

_____________________________

And now for my two cents. It has been awhile. Anyway, I had implemented a
system which not only checked the date and time of passwords but also
validated last used and prevented use of user id when a password is created
or changed. It also required double entry of new password for proper entry.

A key to it was that all users entered via the same control panel that had
workflow, active links of course, that checked the user Id last change date,
and if it exceeded a preset amount of time, forced the user to change their
password and log in again. This was done on version 4.03 and 4.5.1.
Unfortunately I no longer have the documentation on it, but at least you
know how it might be dome.

I can give some details on it from memory, if you like.

-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:ARSLIST@LISTSERV.VISTAIT.COM]On Behalf Of Barry Cox
Sent: 8/28/2001 7:13 PM
To: ARSLIST@LISTSERV.VISTAIT.COM
Subject: Re: Password Management


**

Joe/Arif,

We use a similar system to what you propose with a few differences.

(1) We use the Modified-date on the User schema.
(2) An weekly escalation runs on User Records not modified for more than 8
week, and sends an Email notification telling them their account will
expire.
(3) Another runs after 10 weeks telling them this is their last chance
(4) Another runs after 11 weeks which sets the password to a value (unknown
to the user) effectively locking the account. The user will need to ring
the help desk to reset their password.
(5) A macro runs weekly which looks for User record last updated by
AR_ESCALATOR and last modified more than 6 weeks ago. These records are
deleted!!!

All in all a brutal but efficient system. passwords are regularly updated
and idle accounts are systematically removed. Not a perfect system and it
wasn't entirely popular when it went in, but it's better than nothing.



regards,


Barry Cox
Remedy Technical Consultant


CSC Australia


Phone +61 2 4222 7866
Fax +61 2 4222 7707
email bcox6@csc.com.au



Joe DeSouza
ARSLIST@LISTSERV.VISTAIT.COM
M> cc:
Sent by: "Action Subject: Re: Password
Management
Request System
discussion
list(ARSList)"
STAIT.COM>


28/08/01 00:30
Please respond to
"Action Request
System discussion
list(ARSList)"






**

Hi

Password expiry date. I could suggest a messy way to do this. I haven't
really tried it out but it was just a brainwave that happened while reading
your mail. Like most brainwaves, this idea is perhaps half-cooked, raw and
immature. But it may help you proceed perhaps in the same line of thought
into developing something better.

You could add a date field on your password form which could be called
something like 'Password expires on'. An active link can be made to
calculate this date according to your need that fires on Submit or Modify.

Once this date has been crossed, an Escalation can be run on the system
that
'locks' the user account by modifying the user record so that he does not
have access to his key applications, by removing him from all permission
groups. The administrator of the system could then 'reset' this user
account.

It ma be advisable to exclude the administrative user from this workflow
and
keep his account such that he does not have to change his password. Also
advisable to leave system accounts if any, accounts such as ones that auto
generates tickets when problems/events occurs in other systems that are
integrated with Remedy.

You could also probably introduce other options such as a radio button
field
that says 'Password Expiry' with options like:
1) Password Never Expires 2)Password Expires Periodically

Fire the workflow to set the next password change date if the second option
is selected.

This is a half - cooked idea I know, but its already the end of my day
here,
nevertheless pleased to comment, as always!! Probably Gidd has something
better up his sleeve.....

Cheers

Joe DeSouza
CyberMAK Information Systems,
Kuwait.
Mobile : +965 940 6129.

-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:ARSLIST@LISTSERV.VISTAIT.COM]On Behalf Of Arif Yilmaz
Sent: Monday, August 27, 2001 11:16 AM
To: ARSLIST@LISTSERV.VISTAIT.COM
Subject: Password Management


**

Hi,

I'm using ARS 4.0 and I would like set the password field, in the User
Form,
a minimum password length and/or if it's possible an Aging(determines how
quickly a password expires). This all should be independent from the
operating System. If this are not possible please tell me if it is possible
in ARS 4.5 or 5.0.

________________

_____________


You may also control your subscription options, including UNSUBSCRIBE, at
www.ARSLIST.org

________________
_____________



You may also control your subscription options, including UNSUBSCRIBE, at
www.ARSLIST.org

________________
_____________


You may also control your subscription options, including UNSUBSCRIBE, at
www.ARSLIST.org

_____________________________