We appreciate you taking the time to vote and add your suggestions to make our products awesome! Your request will be submitted to the community for review and inclusion into the backlog.

We recommend reviewing what is submitted before posting, in case your idea has already been submitted by another community member. If it has been submitted, vote for that existing feature request (by clicking the up arrow) to increase its opportunity of being added to Cireson solutions.

For more information around feature requests in the Cireson Community click here.

Add AD Password reset task for Analysts

Brett_MoffettBrett_Moffett Cireson PACE Super IT Monkey ✭✭✭✭✭
Having an AD Password reset task that is available to analysts from the SCSM console, Cireson Portal and Outlook console to quickly reset a users password over the phone without having to use or even have access to AD Users and Computers.
This would allow analysts to rapidly change users passwords over the phone. This would also enable administrators to lock down access to Active Directory users and computers more as service desk analysts would not require this access to reset passwords greatly reducing security vulnerabilities within an organisation.
4
4 votes

Completed · Last Updated

Cireson Remote Support tools now offer this feature direct from the analyst portal when editing a work item.

Comments

  • chris_rosschris_ross Member Ninja IT Monkey ✭✭✭✭
    Interesting thoughts here, Brett.  

    Just thinking out-loud, from the console perspective, a custom task and PowerShell could easily accomplish this. From the portal side, this could be a task which hits a webhook to pass the data and kick off the process.  Both of these methods seem rather open to security concerns in general, and possibly won't fit a generalized best practice that *everyone* could agree on.

    I'll discuss with our Development team and see what makes sense.  Perhaps a more generalized approach to create a Community solution that could be tweaked by each customer to fit their individual requirements? 
  • Geoff_RossGeoff_Ross Cireson Consultant Super IT Monkey ✭✭✭✭✭
    Maybe it makes more sense to build this functionality into password reset. So that an password reset analyst, determined by an ad group can access password reset, authenticate for security and then reset any users password. This way, all the touching of AD and it's security is already in place.
  • Brett_MoffettBrett_Moffett Cireson PACE Super IT Monkey ✭✭✭✭✭
    I agree with Geoff on this one that a hook to the password reset app would not only allow for a single location for triggering these requests but also allow the service desk to utilize the identification features (SMS Code etc.) to verify the person on the end of the phone call is who they say they are.
  • Kenneth_AndersenKenneth_Andersen Customer IT Monkey ✭

    We are having a service offering for this that start a Runbook.

    if the end user are having a “cellphone” registered in the AD, then it’s sending a text message with a onetime password. Here we are also have a link to our ADFS service, so the user can change the password from anywhere.

    The onetime password is also stored in the description felt on the users case - so if the don’t have a cellphone the analyst can provided this information

  • Brett_MoffettBrett_Moffett Cireson PACE Super IT Monkey ✭✭✭✭✭

    This feature is now available via the Remote Support app that ships with Foundation and Team edition of Cireson products.

    And it can do much more, including unlock accounts, add or remove from groups, associate Primary Devices in SCCM and even add them to SCCM collections if needed.

    The really cool part about this is that every action is logged and is able to be audited by security. This adds another level of security and comfort for your cyber security team as well as upper management who might be looking to get ISO 20001 certification.

    If you have not seen it in action let me know and we can arrange a demo or a free trial.

Sign In or Register to comment.