We appreciate you taking the time to vote and add your suggestions to make our products awesome! Your request will be submitted to the community for review and inclusion into the backlog.
We recommend reviewing what is submitted before posting, in case your idea has already been submitted by another community member. If it has been submitted, vote for that existing feature request (by clicking the up arrow) to increase its opportunity of being added to Cireson solutions.
For more information around feature requests in the Cireson Community click here.
We recommend reviewing what is submitted before posting, in case your idea has already been submitted by another community member. If it has been submitted, vote for that existing feature request (by clicking the up arrow) to increase its opportunity of being added to Cireson solutions.
For more information around feature requests in the Cireson Community click here.
Add AD Password reset task for Analysts
Brett_Moffett
Cireson PACE Super IT Monkey ✭✭✭✭✭
Having an AD Password reset task that is available to analysts from the SCSM console, Cireson Portal and Outlook console to quickly reset a users password over the phone without having to use or even have access to AD Users and Computers.
This would allow analysts to rapidly change users passwords over the phone. This would also enable administrators to lock down access to Active Directory users and computers more as service desk analysts would not require this access to reset passwords greatly reducing security vulnerabilities within an organisation.
This would allow analysts to rapidly change users passwords over the phone. This would also enable administrators to lock down access to Active Directory users and computers more as service desk analysts would not require this access to reset passwords greatly reducing security vulnerabilities within an organisation.
4
Comments
Just thinking out-loud, from the console perspective, a custom task and PowerShell could easily accomplish this. From the portal side, this could be a task which hits a webhook to pass the data and kick off the process. Both of these methods seem rather open to security concerns in general, and possibly won't fit a generalized best practice that *everyone* could agree on.
I'll discuss with our Development team and see what makes sense. Perhaps a more generalized approach to create a Community solution that could be tweaked by each customer to fit their individual requirements?
We are having a service offering for this that start a Runbook.
if the end user are having a “cellphone” registered in the AD, then it’s sending a text message with a onetime password. Here we are also have a link to our ADFS service, so the user can change the password from anywhere.
The onetime password is also stored in the description felt on the users case - so if the don’t have a cellphone the analyst can provided this information
This feature is now available via the Remote Support app that ships with Foundation and Team edition of Cireson products.
And it can do much more, including unlock accounts, add or remove from groups, associate Primary Devices in SCCM and even add them to SCCM collections if needed.
The really cool part about this is that every action is logged and is able to be audited by security. This adds another level of security and comfort for your cyber security team as well as upper management who might be looking to get ISO 20001 certification.
If you have not seen it in action let me know and we can arrange a demo or a free trial.