|
If they can't get into e-mail to retreive the password, it wouldn't work a-tall. . . but, then again, if they've disabled both their OS/400 profile *and* their Notes profile, they should be flogged . . . and they probably need the personal attention that they would receive from a help desk call . . . Steve <rob@xxxxxxxxx> wrote in message news:OFC65427F0.CDEA1522-ON05257015.0060CEA9-05257015.0060DCF9@xxxxxxxxxxxx > Steve, > > How would that work for resetting their Notes password to get into their > corporate email? > > Rob Berendt > -- > Group Dekko Services, LLC > Dept 01.073 > PO Box 2000 > Dock 108 > 6928N 400E > Kendallville, IN 46755 > http://www.dekko.com > > > > > > "Steve McKay" <mckays@xxxxxxxxxxx> > Sent by: midrange-l-bounces@xxxxxxxxxxxx > 06/03/2005 11:06 AM > Please respond to > Midrange Systems Technical Discussion > <midrange-l@xxxxxxxxxxxx> > > > To > midrange-l@xxxxxxxxxxxx > cc > > Subject > Re: Profile self-service > > > > > > > Mike - > > Actually, the entire process is not terribly difficult to create yourself > using Apache, RPG, and a few HTMLs or you could create a RESET user that > could only be used to reset passwords or re-enable user profiles. You'd > have to 'publish' the password so users could get in and they would be > disabling that user profile continually (after all, if they can't remember > > their own password, how are they going to remember that one?) but there > are > things you can do to alleviate that. > > Should you attempt this, I suggest that you allow your users to re-enable > a > disabled user ID but, in the process, change their password (generate it > yourself) and e-mail it to the user's corporate e-mail address. You could > > use the same process for forgotten passwords. This would ensure that your > > operators are not changing user profiles and that passwords are > transmitted > only on your corporate network and, if a bad person is trying to get a > password, they would also have to have access to the e-mail of one of your > > employees. Of course, this supposes that all of your employees have > e-mail > and that you provide the e-mail infrastructure in-house. > > Also, consider formulating your questions such that you can compare the > answers provided against your corporate files rather than allowing the > employee to provide the answer to the question in advance. In other > words, > ask for Social Security number and compare against your HR file rather > than > asking the employee to provide you with the name of his/her favorite pet > today so your can ask that question tomorrow to verify their ID. > > I have a RPGLE program that will generate a random password and a "reset > user profile and/or password" CL program that I will contribute if you > decide that you want to go down the do-it-yourself road. > > HTH, > > Steve > > <Mike.Crump@xxxxxxxxxxxxxxxx> wrote in message > news:OF14FB0CDD.CBD90FA3-ON05257015.004A9A87-05257015.004C005B@xxxxxxxxxxxxxxxxxx > . >> >> I think the issue over security comes down to the environment of > challenge >> questions. And when we look at the help desk now the nuisance security >> calls are way high. A year ago 40% of our calls were printer related, >> another 40% were security related. Through new printers, proper afp >> resource settings, and IBM's MarkVision we have eliminated over 80% of > our >> printer calls. That's good but now we are really skewed with security >> related calls - they make over 60% of our calls now - and the majority > are >> password change problems, account lockouts, password resets, etc. A >> person >> calls in needing assistance. Right now today we have an idea of who > they >> are but we do not authenticate them. Our parent company says we have to >> using challenge questions - so, I'm extending that requirement and > saying >> that using that authentication method in a self-service environment is > the >> most beneficial. >> >> Having said that I believe that the challenge system has to be somewhat >> robust. Unfortunately if it's to difficult it can the results can be > the >> exact opposite of what you want. I've got a restriction on my credit >> profile - damn, I almost can't answer the questions to get through but >> that's another story. >> >> I think the self-service system also has to have very robust controls - >> only so many actions within a given time frame, good reporting, and good >> messaging. >> >> If all of these things are met I think it is possible to provide a > secure >> environment that improves customer service (and hopefully satisfaction) >> and >> reduces nuisance type calls to the help desk. If I can do that then the >> night creatures are happy, my help desk people are happy, and the >> customers >> are happy. >> >> A good SSO environment would go a long way to reducing this but that's > not >> entirely possible in our environment....and even with SSO I think I > would >> still want some sort of function available for the domain access. >> >> >> >> >> >> >> >> rob@xxxxxxxxx >> >> 06/02/2005 11:54 To >> PM Midrange Systems Technical >> Discussion >> >> <midrange-l@xxxxxxxxxxxx> >> Please respond to cc >> Midrange Systems >> Technical Subject >> Discussion Re: Profile self-service >> <midrange-l@midra >> nge.com> >> >> >> >> >> >> >> >> I don't think it defeats the purpose for a security officer or >> administrator. Ever use a web site with a password? Now, figure you're > a >> nation wide bank with 2 million customers. Now how many Pakistanis > would >> you have to employ just to reset user's passwords? And wouldn't they > ask >> the same sort of questions that a good program could ask? Mother's > maiden >> name or some such thing. That's the purpose of a good challenge > question >> system. >> >> We've analyzed our help desk calls for our internal users. A vast bulk > of >> the calls fit two categories: Resetting printer writers, and, resetting >> passwords. We've tackled the first and now it's time to move on to the >> second. We were looking at adding another help desk person. Sad to see >> this not happen. Gal we had in mind lives about two miles away and is >> dying to get back in to programming after her layoff from another > company. >> With the economy the way it is, this looked like the best way to sneak >> another person in. Start her out at the help desk and move her into >> programming. >> >> Rob Berendt >> -- >> Group Dekko Services, LLC >> Dept 01.073 >> PO Box 2000 >> Dock 108 >> 6928N 400E >> Kendallville, IN 46755 >> http://www.dekko.com >> >> >> >> >> >> ron_adams@xxxxxxxxxxxxxx >> Sent by: midrange-l-bounces@xxxxxxxxxxxx >> 06/02/2005 04:11 PM >> Please respond to >> Midrange Systems Technical Discussion >> <midrange-l@xxxxxxxxxxxx> >> >> >> To >> Midrange Systems Technical Discussion >> <midrange-l@xxxxxxxxxxxx> >> cc >> >> Subject >> Re: Profile self-service >> >> >> >> >> >> >> I'm not sure if this necessarily fits the bill for your issue, but I > wrote >> >> a password reset utility a while back that would allow a manager > (*SECADM) >> >> to reset a disabled user profile. >> It will allow them the choice also of resetting the password to default >> which is the same as the user id. >> I set it up with object authority so that only those I specified could > run >> >> it and that they could only change a user profile if the user did not > have >> >> any of the following attributes, *ALLOBJ, *SECADM, *SPLCTL or *SERVICE . >> Also, I set it up so it will also send me a message when it's executed. >> >> I can send you a copy if you think it will help. >> >> As for self service, I would think something like this would be too > risky >> and/or difficult to set up. It also defeats the purpose for a security >> officer or administrator. >> >> Ron Adams >> >> >> >> >> >> Mike.Crump@xxxxxxxxxxxxxxxx >> Sent by: midrange-l-bounces@xxxxxxxxxxxx >> 06/02/2005 03:31 PM >> Please respond to Midrange Systems Technical Discussion >> >> >> To: midrange-l@xxxxxxxxxxxx >> cc: >> Subject: Profile self-service >> >> >> I'm working on two possibilities but was wondering if anyone was > familiar >> with a software package that: >> >> 1.) Verifies user identity through a series of challenge questions and >> >> 2.) Allows them to change/reset/unlock their account. >> >> NetIQ (ie Pentasafe) has something close with their Vigilent and >> PSPasswordManager products but I don't think all the pieces are there. >> >> Triaworks (Powerlock) might have something if TIM PM ever sees the >> sunlight >> of GA..... >> >> http://www.triaworks.com/downloads/TIM%20PM%20Datasheet.pdf >> >> Due to constraints beyond my control we will be on a NT 4.0 domain for a >> while so a good SSO solution may not be in my near future. I'm looking > at >> some other types of reduced SO options but in the mean time need to >> investigate this. Even if I can't do self service my audit/parent > company >> (ie: those bloodsucking night creatures without a real job) demands will >> necessitate that we maintain a challenge question database for my end >> users >> so that we can correctly identify John Smith and not be socially >> engineered. So, my drop back position is to have an application that >> allows me to setup, manage, and identify end users by challenge > questions. >> >> >> >> Michael Crump >> Manager, Computing Services >> Saint-Gobain Containers >> 1509 S. Macedonia Ave. >> Muncie, IN 47302 >> (765)741-7696 >> (765)741-7012 f >> (800)428-8642 >> >> "The probability that we may fail in the struggle ought not to deter us >> from the support of a cause we believe to be just" Abraham Lincoln >> >> >> >> >> -- >> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing >> list >> To post a message email: >> MIDRANGE-L@xxxxxxxxxxxx >> To subscribe, unsubscribe, or change list options, >> visit: http://lists.midrange.com/mailman/listinfo/midrange-l >> or email: MIDRANGE-L-request@xxxxxxxxxxxx >> Before posting, please take a moment to review the archives >> at http://archive.midrange.com/midrange-l. >> >> >> >> -- >> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing >> list >> To post a message email: >> MIDRANGE-L@xxxxxxxxxxxx >> To subscribe, unsubscribe, or change list options, >> visit: http://lists.midrange.com/mailman/listinfo/midrange-l >> or email: MIDRANGE-L-request@xxxxxxxxxxxx >> Before posting, please take a moment to review the archives >> at http://archive.midrange.com/midrange-l. >> >> >> -- >> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing >> list >> To post a message email: >> MIDRANGE-L@xxxxxxxxxxxx >> To subscribe, unsubscribe, or change list options, >> visit: http://lists.midrange.com/mailman/listinfo/midrange-l >> or email: MIDRANGE-L-request@xxxxxxxxxxxx >> Before posting, please take a moment to review the archives >> at http://archive.midrange.com/midrange-l. >> >> -- >> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing >> list >> To post a message email: >> MIDRANGE-L@xxxxxxxxxxxx >> To subscribe, unsubscribe, or change list options, >> visit: http://lists.midrange.com/mailman/listinfo/midrange-l >> or email: MIDRANGE-L-request@xxxxxxxxxxxx >> Before posting, please take a moment to review the archives >> at http://archive.midrange.com/midrange-l. >> >> > > > > -- > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > list > To post a message email: > MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > > -- > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > list > To post a message email: > MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
