(Feature available only in Premium Edition)
Shared administrative passwords are prone to misuse even in a very secure environment, so they need to be rotated periodically. Changing the passwords manually, one by one, is laborious. PMP automates periodic password changes using its remote password reset support. Scheduled Password Rotation can be configured only at the resource group level.
The prerequisite for using this feature is the proper configuration of password synchronization, either in agentless mode or by deploying agents on the remote resource.
Multiple options are available to set the periodicity of password rotation. Notifications are generated both before and after the password reset task is run, with a consolidated report of the results for each password.
Go to the "Resources" tab in the web interface
Click the "Resource Groups" tab (alternatively, you can launch this page directly through the "Add Resource Group" link under the "Links" drop-down)
Click the icon present against the resource group for whose resources password rotation is to be enabled
In the UI that opens up, the required schedule can be created through the following four-step process
When a password is scheduled to be rotated at a specified time, the users who have access to the present password(s) are to be informed about the rotation beforehand, for example a day prior to the rotation. Apart from the users directly connected with the passwords to be rotated, any other user can also be informed of the scheduled rotation as needed.
Pre-Notification Timing
You can send the notification at any time within the week before the scheduled rotation, even as late as a minute before it. Select the number of days and/or hours and/or minutes before the rotation at which the notification is to be sent.
Specify the recipients of the notification -
Users having access to the passwords - users who possess any one of the share permissions (read only, read and write, manage) for the password at the time the notification is generated
Other Users/ User Groups - any other specific user(s) (to be selected from the list)
Email ids - to send notifications to a specified list of email aliases or email addresses
Click "Next"
You have the option to specify the new password(s) to be used for the resources after rotation. You can either allot randomly generated, unique passwords to the accounts based on the password policy set for the group, or allot a new, common password to all the resources (in accordance with the password policy already specified for the group).
Select the required choice and click "Next"
The actual schedule for password rotation is created in this step. The schedule can be a one-time rotation or a recurring one at periodic intervals. Depending on your requirements, choose one of the options - Once / Days / Monthly / Never. After selecting the option, specify the other details as required and click "Next"
Immediately after the password rotation process completes, a notification can be sent to all those who have access to the passwords, informing them that the rotation is complete. Apart from the users directly connected with the passwords to be rotated, any other user can also be informed of the rotation as needed.
Specify the recipients of the notification -
Users having access to the passwords - users who possess any one of the share permissions (read only, read and write, manage) for the password at the time the notification is generated
Other Users/ User Groups - any other specific user(s) as selected from the list
Email ids - to send notifications to a specified list of email aliases or email addresses
Click "Finish"
The required password rotation schedule has been created. The settings can be saved as a template for use when configuring a password reset schedule for another resource group.
Note: Password reset tasks scheduled for a password belonging to different groups do not affect each other.
© 2007, AdventNet Inc. All Rights Reserved.