NetWrix Password Manager Self-Service Password Reset Manager Overview

The task of helping end users in difficult situations is a heavy burden on the IT departments of large and growing companies. According to some estimates, each case of password reset can cost $ 70 (taking into account the loss of working time), and such incidents cause approximately 30% of calls to technical support. Costs may be even higher in industries where specific legislation is in place, for example, in the banking sector.

Why do users forget their passwords to access the system?
There may be several reasons:

1. Many passwords to remember. Each user has an average of about a dozen services and applications, each of which requires a password. Often the user is simply lost in these passwords and enters the wrong one.
2. Periodic password changes. In organizations with strong password policies, passwords have a certain expiration date. And after a certain period of time, the password must be changed. The user forgets to change the password and is automatically set to random. Or he changes the password, but still does not get used to it and gets confused by entering the wrong one.
3. Implement a strong password policy. A complex password is easier to forget.

But we are not talking about the reasons that are understandable to any specialist, but about how in such situations you can simplify your life, first of all, for administrators and the Help Desk service. Reset the password for a short time (see examples ), but if there are many such requests to the technical support service, large resources are spent on their processing (time is wasted). Users, of course, cannot work at a time when they do not have access to the system. Overall work efficiency is reduced.


In an Active Directory environment, administering user passwords involves many tasks, such as strengthening password security requirements through group policies, Help Desk activities, and multiple configuration of user account management options. Often these operations are decentralized and account holders stay away from managing their accounts.
Here dispatchers of self-resetting passwords come to the rescue (see the review on osp.ru ). They are designed to partially shift password management tasks from technical support to users themselves. Saving the drowning is the work of the drowning.
We will not dwell on the essence of this product group (see the link to the review above), but tell about our solution for self-managing user passwords in AD - NetWrix Password Manager . The program exists in two versions: basic free (up to 50 users) and extended commercial.

It simplifies the work of three categories of company employees at once:

1. Users can change their passwords themselves and not wait until they reach the turn in the technical support service;
2. Help Desk operators do not spend their time (as we wrote above - up to 30% of their time) on solving such problems. They can focus on the more important. Achieved optimization of staff;
3. Administrators can implement a stronger password policy and receive detailed reports on password changes.

To achieve this, three roles are distinguished:

• End users
• Help Desk Operators
• Administrators

By applying these roles to groups and individuals, administrators can control access to password management.

Key Product Features and Description

NetWrix Password Manager helps reduce the load on Help Desk and administrators by:

1. Users are given access to a web portal where you can perform basic actions with passwords;
2. Help Desk specialists can manage user accounts and receive reports on the status of their status through the web interface;
3. Administrators can enforce more stringent password requirements.

Product architecture

NetWrix Password Manager consists of the following components:
1. Web application : includes three web portals that provide program functionality;

• Administrative portal: allows you to change program settings, including controlled domains, question policies and options available for users, as well as mass register users in the • system.
• Help-Desk portal: designed for centralized management and receipt of reports on registered (enrolled) accounts;
• User portal: a web-based user interface for self-managing passwords.

2. Core Password Manager Service : performs operations requested through web portals;
3. Password Manager Client (extension on the Windows login screen): expands the functionality of the standard login dialog and allows users to reset and change the password, as well as independently unlock the account. The client supports the enrollment wizard.



The product is installed with default settings (such as password security settings, options available to users, verification issues policies, etc.). You can change them through the administrative portal.

And now more about the portals.

Work with the program, as already indicated above, is carried out by three categories of users. Each of them has its own portal.

Administrative portal

Access to the portal can be obtained from any computer by URL (set during the program setup).



Program settings are set just through this portal. When working with the program, the administrator can:

1. Add, delete or change the list of monitored domains;
2. Configure the following:
   
   • Branding (logo, contacts)
   • User options (password management options available to users)
   • Asked questions (a set of questions used for verification). If you would like to ask users not for the mother's maiden name, but for something else, then use this function.
   • Question policy (question and answer length, minimum number of questions required for verification)
   • Password Policy (Password Length)
   • Alerts (to which events to respond and to whom to send notifications about them)
   
   
3. Assign roles to users and groups (Administrators / Help Desk Operators / Users)
4. Carry out mass registration of users in the program (batch enrollment) - import account information from a .csv file

User portal (Self-service portal)

The user portal performs four basic actions:

1. Register with NetWrix Password Manager
2. Password reset
3. change Password
4. Account unlock

User registration in NetWrix Password Manager can be carried out both manually (the user answers questions on his computer or user portal), and through the batch enrollment operation, which is carried out by the administrator.

Via Password Management Client

After the program is installed, the Password Management Client component is added to autoload. In this case, the user will have the following window at the next login:



The sequence of actions for the user is pretty obvious: select a question and give an answer to it. Of course, there may be several questions. Also, if this is not prohibited by the policy, the user can come up with his own question (this setting is done on the Administrative Portal).

Through the User portal (Self-service portal)

Open the portal (Start> All Programs> NetWrix> Password Manager> Self-Service Portal).
Please note that this portal is available in Russian.
Select Registration.



The user selects questions and gives answers to them.

Users registered in the system will be able to perform the following actions:

• Reset password
• Change password
• Unblock your accounts

Password Reset Password
reset is performed by Help Desk users and operators if the user cannot access the user portal or extension on the Windows login screen.
Please note that a unique feature of our program is to reset the password through the client when there is no connection to the server.
Here is a quote from the review above:
“ A unique feature of NetWrix Password Manager is to reset the password in offline mode. In this case, the GINA extension is activated on the Windows registration screen to reset the user's cached password, even if it is not connected to the domain. This can be very convenient for companies with a large number of mobile users, but requires a local installation of the GINA extension . ”

User password reset:
In order to change the password, the user goes through several steps:

1. Opens a portal.
2. Selects Reset in the Reset section.
3. Enter the username and domain.
4. Answers the questions selected during the registration procedure.
5. After the correct answer to the question (s), the user enters a new password and its confirmation.

As a result, the password will be changed.
Please note that with the help of the program the user will also be able to unlock his account (for example, if entering the wrong password several times in a row led to its blocking). And again, all this is done independently, without involving Help Desk operators.

Password reset via Windows login extension:

1. Log out
2. Click “Can’t log in?”
3. The Logon Assistance Wizard appears
4. Enter domain \ username and click Next
   
5. Enter a new password and confirm it
   
   • If your account has been blocked, select Unlock Account
   • If you want the password to not expire, select Password never expires
   
   
6. Enter the answers to the questions. Password will be changed.

Password reset via Help Desk portal (performed by Help Desk operator)

• Open the Help Desk portal (Start> All Programs> NetWrix> Password Manager> Help-Desk Portal)
• Select the user who needs to change the password
• When you select Unlock or Reset Password, the User Identity Verification page appears, which displays the questions that the user selected during registration and the answers to them. In this case, only the first and last letter of the answer is displayed. The user informs them (the first and last letter) of the Help Desk to the operator, and he, in turn, resets the password.
• Assign a new password to the user.
• Password will be reset.

Admin Control

In order for administrators to be able to control all password changes, the program has reports and notifications.

1. Notifications may be included for the following events:
2. Register an account in Password Manager.
3. Password reset.
4. Unlock account.
5. Change Password.
6. Verification failed.

Two types of reports are available:

1. User Activity shows all user actions related to passwords (Registration, Change, Reset, Unblock account) for a certain period of time. The report displays the result and time.
   
2. User Enrollment displays the registration status (registered in the NetWrix Password Manager database or not) for all users in the monitored domain.

You can familiarize yourself with the program on our website . We draw your attention once again to the fact that the 50-user version is available for free .
Watch the webinar recording on using the program (along with other lock management solutions) here .

PS We will talk about the work of the free version of the program on December 19 at the webinar “10 free tools for controlling IT infrastructure”, along with other free NetWrix programs.