1 2 Previous Next 10 Replies Latest reply on Jun 1, 2009 11:21 PM by mrgui

    Password Templates

      Hi,
      We are currently looking at deploying MEE v 5,1,8,0 Build 5600. We want the users password to be at least 8 characters long and consist of at least 1 number and letters.

      For each user, on group and user level i have set the password template to be between 8 and 40 characters and also tried setting 8 alphanumeric and 0 for the other options. Also tried 1 for numeric and left the other at 0, but whatever i seem to enter the user can still reset their password to whatever they desire, even after succesful sync?

      Has anyone else come across this, or can anyone point me in the direction for setting the policy as required above??

      Cheers
        • 1. RE: Password Templates
          If you can manage this through AD or whatever your authentication mechanism is, I'd recommend doing it that way. By doing it in the true authentication system, not only are your encrypted users forced into this, but also your unencrypted ones as well. You should not be using both policies since if a user can meet one but not the other you have all kinds of out of sync issues.

          For example, AD says everything is wide open, but MEE says at least 10 characters. User logs in and resets their AD password - which is successful - but MEE will reject the new password and now the user has one MEE password and one AD password.
          • 2. RE: Password Templates
            We cannot use the SSO feature within our Organisation due to the AD structure we currently have. Obviously we need to have s ecure password for EE, hence why we are trying to set it up with these rules, and not just leaving it open to simple passwords.
            • 3. RE: Password Templates
              I'm not sure what your AD structure has to do with SSO? The two systems would seem ot be unrelated?
              • 4. RE: Password Templates
                OK, we have chosen not to use the SSO feature as it can cause issues as our users are not static on one device. If these are then out of sync the user would ahve password reset for EE and then the windows logon would be different. The EE SSO details would then be wrong again when you go back to the original device. We are intially only rolling this out to about 1000 staff but can still cause big issues. Hence why we want to use independant passwords.
                • 5. RE: Password Templates
                  fair enough. You'll be the only customer not using SSO though so please be sure to tell our support teams when you call in, it's kind of assumed nowadays since no one else has implemented without SSO probably for years.
                  • 6. RE: Password Templates
                    you do realise that SSO and password details are syncronized between machines wherever the users account is assigned don't you?
                    • 7. RE: Password Templates
                      Yeh, but only once the device is through the preboot screen? Our problem is that staff may only use laptops occasionally and would cause issues with them not being fully synchronised.

                      From what i understand of organisations around us, alot of them haven't implemented SSO unless that user is tied to that specific laptop - or that they are on at the same time.

                      I did wonder whether it was possible to pass through the pre boot log on and the require authentication whilst the device is on the network again, but obviously that would eliminate the security of having the device encrypted.

                      Is it possible to have a 'last sync' message on the preboot log on?
                      • 8. RE: Password Templates
                        no, thats not possible - that data is encrypted as well.
                        • 9. RE: Password Templates
                          OK fair enough...

                          Any idea why the password settings aren't being forced though??? Would upgrading to B5701 help?
                          1 2 Previous Next