Questions on Password Policy

Similar Messages

• How do you apply the same password policy to every PDF document you create with inDesign?

  All,
  Adobe peeps!,
  I don't know if this is really supported with inDesign 5.5, but here is my my use case:
  I constantly create more than 10 PDFs a day using inDesign
  On  all PDF's I create, i want to apply password security to protect them
  But in order to do so, within inDesign, I am   always forced to go to the "security dialogue" pane to set up the same permission  and passwords over and over again
  This gets tiring :/
  So what I am hoping to do is  the following:
  Like acrobat, I want to create a password policy within inDesign
  I want all PDFs created to have such a password policy  be automatically applied
  I know acrobat supports something like this (http://help.adobe.com/en_US/acrobat/pro/using/WS58a04a822e3e50102bd615109794195ff-7d68.w.h tml), but, unless I may have missed something, the Acrobat feature is limited. That is, the help link  does not tell me how to automatically do this with Acrobat either (the link does not explain to me how to "automatically apply the same password security policy to every PDF document I save within the application). I think the only way to do so is via "Adobe LiveCycle Rights Management ES", but for non server users, I am hoping there is another way.
  So my questions are:
  Is it possible to create password security policies in inDesign?
  Is it possible to apply the same password security policy to every PDF i create in inDesign?
  If not, can I change default settings within Acrobat ProX to automatically apply a password security policy everytime I save a PDF?
  If all fails, do you guys know of any extensions that can support this?
  Any help would be great. Thanks!

  Steve,
  Thanks for your notes. To follow up on your response.
  Bummer. I kinda had a hunch at this inDesign limitation.
  I have been aware of the method for setting up of a security policy within Acrobat. While this feature does cut down some of the work involved in creating and applying password policies to pdfs, what I am looking for with Acrobat is to apply the same password policy to every document I save from the app. Automatically. Without having to manualy select a policy.
  I think my solution will have to lie in me creating some sort of script to help support this need. I don't think Acrobat Pro X has the capabilities to allow me to tinker with, say, creating a save PDF preset that will allow me to automatically apply a password policy.
  PS. I am using acrobat pro x.

• How to implement forgot password policy in OIM

  Hi,
  I want to implement forgot password Policy on OIM 11g r1.
  Can any one please help me on this.
  I mean from where to start and how is the follows goes..
  Thanks in Advance :-)

  Forgot Password functionality is OOTB.
  You can configure Forgot Password Question Answers. Go to System Configuration (Advance Console) and search for different properties associated with Challenge Questions Answers.
  OIM.DisableChallengeQuestions
  PCQ.NO_OF_CORRECT_ANSWERS
  XL.IsDupResponseAllowed
  etc..
  You can also add new Challenge Questions as well by adding into Lookup.WebClient.Questions

• How to make changes in strong password policy

  hi,
  how to make changes in strong password policy.
  I m using apex 4.2.
  pls help

  1003090 wrote:
  I created a login page, but when i m putting a password or more then 7 character then in place of Invalid Login Credentials , its saying
  ORA-06502: PL/SQL: numeric or value error: character string buffer too small.
  I need to put a password of min 8 character, since its taking not more then 7 so i cannot use validation for the same.You already have a thread open on that: +{thread:id=2532900}+. Continue with that issue there.
  If the original question above relating to how to configure password policies is answered then close this thread.

• Best way to force password policy on users within 1-2 weeks?

  We have a Server 2008 R2 domain.
  I'd read that the password policy in GPO is only available for Computer Configuration, not User Configuration? Is that correct? 
  If so, that's not very flexible and will make things trickier for us.  
  And regarding enforcing a password policy with a GPO on our local domain, do you know of a way to force users to change their passwords within say 1 week?    (the only options I know of are on the AD User account properties check a box "User
  must change password at next logon" (then you'd have to force them to log out) OR relying on AD's internal formula:
  webactivedirectory.com/.../how-active-directory-calculates-account-password-expiration-dates .  The problem I see with the latter is if your user hasn't changed their pw for a year you'd have to wait a year+how many days you set for max password
  age?
  spnewbie

  To add, the password policy is applied at the domain level and only works at the domain level. It's not the fact that it's at the "Computer Level" or "User Level" or not, it's the fact that it's only set at the domain level.
  Account policies (Password, Lockout and Kerb), are all under the Computer Config because it forces it to apply to all user accounts that access all machines.
  If you tried to create a password policy at any other level (any OU), it won't work. The only option is to use PSOs, as Mahdi pointed out.
  As for that Spiceworks thread, I would suggest to post a question about a specific product to the product vendor's support forum for accurate responses.
  Here's an excerpt from MOC 6425C Configuring and Troubleshooting Windows Server 2008 Active Directory, page 10-8 (and this applies to all versions of AD):
  Active Directory supports one set of password and lockout policies for a domain. These policies are configured in a GPO that is scoped to the domain. A new domain contains a GPO called the Default Domain Policy that is linked to the domain and that includes
  the default policy settings for password, account lockout, and Kerberos policies. You can change the settings by editing the Default Domain Policy GPO.
  The best practice is to edit the Default Domain Policy GPO to specify the password policy settings for your organization. You should also use the Default Domain Policy GPO to specify account lockout policies and Kerberos policies. Do not use the Default
  Domain Policy GPO to deploy any other custom policy settings. In other words, the Default Domain Policy GPO only defines the password, account lockout, and Kerberos policies for the domain. Additionally, do not define password, account lockout, or Kerberos
  policies for the domain in any other GPO.
  The password settings configured in the Default Domain Policy affect all user accounts in the domain. The settings can be overridden, however, by the password-related properties of the individual user accounts. On the Account tab of a user's Properties dialog
  box, you can specify settings such as Password Never Expires or Store Passwords Using Reversible Encryption. For example, if five users have an application that requires direct access to their passwords, you can configure the accounts for those users to store
  their passwords by using reversible encryption.
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• IdM Password Policy Options

  Anyone know of a way of configuring the Password Policy Options (found in the Identity System Policy) to lost password self-service?
  Specifically:
  Password Provided by "Generated"
  Reset Notification Option "email"
  A client (IdM 7.1) would like a person using the self-service lost password function (authenticating via questions) to have new random expired password emailed rather than changing it immediately
  The above settings only seem to apply to Administrative password resets.
  -Rob

  Any solution found for this? I have the same issue.

• New users with Global Password Policy requiring password "reset on first user login" are still prompted to reset password after entering incorrect password

  The setup:
  We have the option "Password must: be reset on first user login" enabled in the Global Password Policy on our 10.9 / Mavericks server. We import new user accounts into Open Directory via a delimited text file and include a default password for each user.
  What I've observed and tested:
  When a user attempts to log into a computer that's bound to our Open Directory for the first time, they can enter anything in the password field and still receive the prompt to reset their password. They are never notified that they entered their default password incorrectly. The password reset will then fail (as it should), but they still aren't notified that this is the reason for the password reset failure. To put it another way: Seeing the prompt to reset your password would reasonably imply that you entered the default password correctly, but that's not the case at all.
  The question:
  Is this expected behavior? If it is, it doesn't seem logical. If this was the case in OS X Server 10.3 through 10.7 I never noticed it. Can anyone corroborate this with their own setup? Thanks in advance.
  -- Steve

  Some follow up questions:
  - How did you migrate (dsmig ldif or binary import)
  - Did the accounts in .x have any custom password policies set?
  For a "new" and a migrated entry, can you check if a passwordpolicysubentry is configured?
  (search as directory manager and fetch the attribute)

• Password policy, gone after remote wipe or firmware upgrade?

  I am investigating if the iPhone is a serious option for our customers. I learned a lot the past days, but I still have one important questions.
  I have an iPhone with a password policy
  Situation 1:
  I perform a remote wipe, the latest firmware installs itself after the activation and I don't put back a backup.
  Situation 2:
  I update the firmware of my iPhone with a 'restore' and don't put back a backup.
  Question:
  For both situations: Is my password policy still on the iphone?

  I assume you intend to set the password policy via a configuration profile. The policy will remain in place until the device is wiped. After that it is basically a fresh phone, and neither any data nor any profiles will remain on the phone.
  Your goal is probably that any sensitive information is only stored on a phone with a password policy enabled. For this you would essentially have to put all that information on a VPN, and provide the key / certificate to access that network with the profile, so that a user would not be able to gain access to the information without the profile.

• Custom Password policy for ProxyAgent

  Solaris 10 Server Directory Server LDAP 6.3. Clients are Solaris 10.
  The clients use "proxyagent" user located in ou=profile. When I create a Global Password policy and apply to my top level dc, then this service account can "expire". I can't have my service accounts expiring...
  How do you create a custom filter with NO account lockout, expiration, etc? The DSCC wizard doesn't allow you to as the last step of the wizard must have a bug because even though you don't click the Lockout radio button, the webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.
  Question 2: how do you apply a custom password policy to ALL of ou=people? I can do it one by one to dn's under the ou=people, but I want it on the parent so new users get the custom password policy. Everything I try, the Global Password Policy wins. (And can't seem to be done via the DSCC but rather through command line)
  Help.
  Thanks,
  Sean

  How do you create a custom filter with NO account lockout, expiration, etc?
  The DSCC wizard doesn't allow you to as the last step of the wizard must have
  a bug because even though you don't click the Lockout radio button, the
  webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.Logged a new bug
  http://sunsolve.sun.com/search/document.do?assetkey=1-1-6787917-1
  The clients use "proxyagent" user located in ou=profile. When I create a Global Password
  policy and apply to my top level dc, then this service account can "expire". I can't have
  my service accounts expiring...Password policies have to be applied to individual accounts (manually or via CoS). So you
  may need to create a new password policy and assign it to the proxyagent user. Since DSCC
  does not seem to allow you to do that, best to munge it via the commandline (after specifying
  the lockout in dscc). Yes, it's ugly but a bug has been logged. Please contact Sun Support if
  you want a fix against 6.3 (quote the above bug number)

• Password policy change

  In the past we pretty much allowed very simple policy with passwords. With people accessing the cloud more and people logging in remotely to our site we need to make passwords a little more difficult.  My question is if I changed the password policy
  will this immediately affect all users.  Frankly I only want to have them change their password to a stronger password when their old password expires.  This will reduce the support that will be needed.  I mean if I change the policy and suddenly
  everybody needs to change their password on the same day I'm sure I'll get support calls and grumbling etc.
  So to repeat my question if I change the password policy so that people need to put in more complex passwords will this affect everyone immediately or will it only affects them the next time the password expires, which we have set 120 days.
  Thank you

  if you are already using password expiry, the new complexity requirements are enforced at the next password change event (either expiry or user-initiated or admin-initiated).
  If you are not using password expiry, and you enable password expiry, the password age will be examined at the next user-logon, and your new policy will be enforced.
  password complexity, and password history, are only examined for policy compliance, during a password-change event.
  A password-change event, is either user-initiated (user chooses to initiate their password change for their own reason), or, admin-initiated (admin resets or expires the password for a user), or, password-expiry-initiated (a user attempts logon, the password
  age is examined according to policy, and the age exceeds that permitted by policy, which triggers the change-password dialog, and, complexity+history is examined for policy compliance)
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• OS X Server OD & Password Policy

  Here's a question for someone that has experience with OD, network accounts and password policy.
  All on 10.9 with the latest updates, there’s a Mac Mini OD Master offering DNS, File Sharing, Mail, Contacts, Calendar and another Mac Mini OD Replica. A total of 20 Macs binded to OD and using Network Accounts. Everything seems to be working fine but they have an OD Global Password Policy as follows:
  - Passwords must:
    - differ from account name
    - contain at least one letter
    - contain both uppercase and lowercase letters
    - contain at least one numeric character
    - contain at least 8 characters
    - differ from last 3 passwords used
    - be reset every 45 days
  Everything is relatively working fine except for the Password Policy because of the following:
    - Users are not getting any prompt about their password coming to expire
    - When the user’s password expires and since they are not getting any warning, users suddenly get no access to services
    - Some users are unable to successfully modify their password, they get prompted to change it and when entering the new password (when logging in through AFP), it shakes even though the new password complies with the Password Policy and the only way to get them logged in is by manually resetting the user’s password with the Server App.
  Ideas and suggestions are greatly appreciated.

  thx - solved.
  Just keep »identification« empty! :-o

• Password Policy and user account lockout in OAM

  Hi folks,
  I'm new to OAM and have rather silly question: I created Password Policy where I've defined the Number of login tries allowed, Custom Account Lockout Redirect URL, etc. Now, how do I tie it to the authentication / authorization rules inside my Policy Domain which I'm using to protect a certain resource?
  Thank you
  Roman

  Hi Colin,
  I do have the validate_password plugins defined in the Authent scheme, here they are:
  credential_mapping      obMappingBase="xxxxxx"
  validate_password      obCredentialPassword="password"
  validate_password      obReadPasswdMode="LDAP"
  validate_password      obWritePasswdMode="LDAP"
  Yet, after the third unsuccessful login, nothing happens. I still don't get it how the password policy I've created kicks into the action? Should it be evaluated each time a user attempts an access? Is it getting engaged due to the validate password plugin names?
  I've also noticed that the only default step I have in the Authent scheme doesn't list the last two validate password plugins in it. Does it have to?
  Thanks Roman
  Edited by: roman_zilist on Dec 17, 2009 9:12 AM

• Password policy for 2003

  Experts,
  We have windows server 2003 domain functional level and password policy is defined in Default domain policy. Now our password policy does not have Max pswd age and min pswd age settings defined. So we want to test these settings.
  I created a new GPO and just defined those two policies and linked it to a test OU. Moved the required computer to that OU. I read computer should be in that OU and not the user. It is not getting applied. I have two questions:
  1. Even those two settings are not defined in default password policy, can we create a separate policy for that? or all password policy settings has to be defined in 1 GPO?
  2. OU where we want to test this password policy, should have computer, user or both in that OU?
  Appreciate any help!!!!

  Hello,
  password and account lockout settings MUST be configured on domain level. On OU it has not any effect for domain users logging on to domain machines. 3rd party tools may still exist that provide that option.
  For additional settings you need Windows Server 2008 or higher then you can use Fine grained password policy settings for security groups and user accounts.
  http://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

• Password Policy implementation for SAP users

  Dear Friends,
  We are planning to implement the Password Policy for SAP users in our organization...
  Here my question is,
  Letu2019s say that the Password Policy is implemented today, what will happen to the SAP usersu2019 passwords?
  Will they be locked out until they create a new password that follows the policy?  Will there be a dialog box that will tell them what the criteria is for new passwords and its the time to change the password?
  Thank you,
  Nikee

  Hi
  Letu2019s say that the Password Policy is implemented today, what will happen to the SAP usersu2019 passwords?
  SAP Users password will be intact till it prompts for next password change. Say, 90 Days. (Provided Parameter is not set)
  Will they be locked out until they create a new password that follows the policy? Will there be a dialog box that will tell them what the criteria is for new passwords and its the time to change the password?
  They will not be locked out until they create a new password that follows the policy (provided parameter is not set),  During the time of changing the password they would get a dialog box if they have not met the specified criteria indicating that it should have specific values.
  Once the password change prompt appears, in order to login to SAP they are forced to change password with password criteria set, other wise they can not login.
  Thanks and Regards
  Arun R

• What is the new password policy?

  What is your new password policy?  All you state on the page where it forces us to change without being able to continue is a meter that says whether its strong enough.  How about actually stating what the requirements are on that page?  Even when clicking on the Password Help link, it doesn’t state what the requirements are.  This can be very frustrating to users trying to create a password model.
  After toying around with some passwords, I am guessing it is just like 12 characters regardless of whether they are upper/lower case, numbers, or special characters.  This policy is really lacking for any type of real security measure.

  Hello tmanXX,
  Internet security is a topic of much importance and discussion these days. In order to ensure that you and our other customers have the most enjoyable and secure experience, we recently established new requirements for passwords on BestBuy.com. Even so, you ask very good questions about the standards that we have established.
  When changing your password on our website, we have a visual indicator to verify your password strength against our criteria. We recommend a variety of letters (upper and lower case), numerals, and symbols deployed randomly for best results. Our standards are not published to add a further obstacle to those who might try to use such information with ill intent. I apologize for any aggravation that you may have endured as a result.
  Please know that I'm grateful for your feedback on our password standards and that you took the time to pose your questions and concerns.
  Sincerely,
  John|Social Media Specialist | Best Buy® Corporate
   Private Message