Helping end users who are locked out is a heavy burden on the IT departments of large and growing companies. According to some estimates, each password reset can cost $70 (taking lost working time into account), and such incidents account for approximately 30% of calls to technical support. Costs may be even higher in industries with special legislation, for example in the banking sector.
Why do users forget their passwords to access the system?
There can be several reasons:
- Too many passwords to memorize. Each user has on average about a dozen services and applications, each of which requires a password login. Users often simply get lost among these passwords and enter the wrong one.
- Periodic password changes. In organizations with strict password policies, passwords have a specific expiration date, and after a certain period of time the password must be changed. The user forgets to change the password and it is automatically set to a random one. Or he changes the password but has not yet got used to it, gets confused and enters the wrong one.
- A strong password policy. A complex password is easier to forget.
But we are not going to discuss the reasons, which are clear to any specialist. We want to talk about how, in such situations, you can make life easier first of all for administrators and the Help Desk service. Resetting a password does not take long (see examples), but if technical support receives many such requests, considerable resources are diverted to processing them and time is wasted. Users, of course, cannot work while they have no access to the system, so overall productivity falls.
In an Active Directory environment, administering user passwords includes many tasks, such as tightening password security requirements through group policies, Help Desk activities, and configuring the many user account management options. These operations are often decentralized, and account holders are left out of managing their own accounts.
Here, self-service password reset managers come to the rescue (see the review on osp.ru). They are intended to transfer part of the password management work from the technical support service to the users themselves. As the saying goes, rescuing the drowning is the job of the drowning themselves.
We will not dwell on the essence of this product group (see the link to the review above), but will tell you about our solution for managing user passwords in AD: NetWrix Password Manager. The program exists in two versions: a basic free one (up to 50 users) and an extended commercial one.
It simplifies the work of three categories of employees at once:
- Users can change passwords on their own and not wait until they get their turn in the technical support service;
- Help Desk operators do not spend their time (as we wrote above, up to 30% of it) on solving such problems and can focus on more important work. The result is better use of staff time;
- Administrators can enforce a stricter password policy and receive detailed password change reports.
To achieve this, three roles are distinguished:
- End users
- Help Desk Service Operators
- Administrators
By applying these roles to groups and individual users, administrators can control access to password management.
Key Product Features and Description
NetWrix Password Manager helps to reduce the load of the Help Desk service and administrators, because:
- Users are given access to a web portal where they can perform basic actions with passwords;
- Help Desk specialists can manage user accounts and receive reports on their status through a web interface;
- Administrators can enforce stricter password requirements.
Product architecture
NetWrix Password Manager consists of the following components:
1. Web application: includes three web portals that provide the program's functionality:
   - Administrative portal: allows you to change program settings, including managed domains, question policies and the options available to users, and to perform batch enrollment of users in the system;
   - Help Desk portal: intended for centralized management of registered (enrolled) accounts and for obtaining reports on them;
   - User portal: a web-based user interface for self-service password management.
2. Core Password Manager Service: performs the operations requested through the web portals;
3. Password Manager Client (extension on the Windows login screen): extends the functionality of the standard login dialog and allows users to reset and change passwords, as well as unlock their own accounts. The client supports the enrollment wizard.
The product is installed with default settings (such as password security settings, options available to users, verification questions policies, etc.). You can change them through the administrative portal.
And now more about the portals.
As already mentioned, three categories of users work with the program. Each of them has its own portal.
Administrative portal
The portal can be accessed from any computer by URL (specified during program setup).
Program settings are configured through this portal. When working with the program, the administrator can:
- Add, remove or change the list of monitored domains;
- Configure the following:
  - Branding (logo, contacts)
  - User options (password management options available to users)
  - Questions asked (the set of questions used for verification). If you would like to ask users not for their mother's maiden name but for something else, use this function.
  - Question policy (question and answer length, minimum number of questions required for verification)
  - Password policy (password length)
  - Alerts (which events to respond to and to whom to send alerts about them)
- Assign roles to users and groups (Administrators / Help Desk Operators / Users)
- Perform batch enrollment of users in the program by importing account information from a .csv file
User portal (Self-service portal)
The user portal performs four basic actions:
- Registering with NetWrix Password Manager
- Password reset
- Password change
- Account unlocking
Users can be registered in NetWrix Password Manager either manually (the user answers the questions on his computer or on the user portal) or through batch enrollment, which is performed by the administrator.
Through Password Management Client
After the program is installed, the Password Management Client component is added to startup. At the same time, the user will see the following window at the next login:
The sequence of actions for the user is fairly obvious: choose a question and give an answer to it. There may, of course, be several questions. Also, if the policy does not prohibit it, the user can come up with his own question (this setting is made on the Administrative Portal).
Through the user portal (Self-service portal)
Open the portal (Start> All Programs> NetWrix> Password Manager> Self-Service Portal).
Please note that this portal is available in Russian.
Choose Registration.
The user selects questions and gives answers to them.
Users registered in the system will be able to perform the following actions:
- Reset password
- Change password
- Unlock your accounts
Password reset
A password can be reset by the user, or by Help Desk operators in the event that the user cannot access the user portal or the extension on the Windows login screen.
Please note that a unique feature of our program is password reset via the client when there is no connection to the server.
We quote from the review above:
“NetWrix Password Manager's unique feature is password reset in offline mode. In this case, the GINA extension is activated on the Windows registration screen to reset the cached user password, even if it is not connected to a domain. This can be very convenient for companies with a large number of mobile users, but requires the local installation of the GINA extension.”
Password reset by user:
In order to change the password, the user goes through several steps:
- Opens the portal.
- Selects Reset in the Reset section.
- Enters the username and domain name.
- Answers the questions selected during the registration procedure.
- After answering the question(s) correctly, enters a new password and its confirmation.
As a result, the password will be changed.
Please note that with the program the user can also unlock his own account (for example, if entering the wrong password several times caused it to be locked). Again, all of this is done independently, without the help of Help Desk operators.
Reset password through the Windows login extension:
- Log out
- Click “Cannot Login?”
- The Logon Assistance Wizard appears
- Enter the domain\username and click Next
- Enter the new password and its confirmation
- If your account has been blocked, select Unlock Account
- If you want the password never to expire, select Password never expires
- Enter the answers to the questions. Password will be changed.
Password reset via Help Desk portal (performed by Help Desk operator)
- Open Help Desk portal (Start> All Programs> NetWrix> Password Manager> Help-Desk Portal)
- Select a user who needs to change the password.
- When you select Unlock or Reset Password, the User Identity Verification page appears. It displays the questions the user selected during registration and the answers to them, showing only the first and last letter of each answer. The user reports these (the first and last letter) to the Help Desk operator, who in turn resets the password.
- Assign a new password to the user.
- Password will be reset.
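The first-and-last-letter check described in the steps above depends on the answer length set in the question policy: the shorter the answer, the more of it the operator screen discloses. The sketch below is an added illustration, not NetWrix code; the function names, the normalization rules and the `MIN_ANSWER_LEN` value are assumptions made for the example.

```python
import hmac
import unicodedata

MIN_ANSWER_LEN = 5  # assumed policy value for this sketch, not a product default


def normalize(text: str) -> str:
    """Trim and case-fold so 'Smith ' and 'smith' are treated as equal."""
    return unicodedata.normalize("NFKC", text).strip().casefold()


def operator_hint(answer: str) -> str:
    """Return what the operator screen shows: first and last letter only."""
    a = normalize(answer)
    if len(a) < MIN_ANSWER_LEN:
        # A 2-letter answer would be shown in full, a 3-letter one nearly so.
        raise ValueError("answer shorter than the question-policy minimum")
    return a[0] + "*" * (len(a) - 2) + a[-1]


def hidden_fraction(answer: str) -> float:
    """Share of the answer that stays hidden from the operator."""
    a = normalize(answer)
    return max(len(a) - 2, 0) / len(a) if a else 0.0


def caller_matches(stored_answer: str, first: str, last: str) -> bool:
    """Compare the two letters reported by the caller with the stored answer."""
    a = normalize(stored_answer)
    if len(a) < 2:
        return False
    expected = (a[0] + a[-1]).encode("utf-8")
    supplied = (normalize(first) + normalize(last)).encode("utf-8")
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    sample = "Kuznetsova"  # constructed sample answer
    print(operator_hint(sample), hidden_fraction(sample))
    print(caller_matches(sample, "K", "a"), caller_matches(sample, "K", "o"))
```

Because two letters are a small secret, the Failed verification attempt alert is the natural companion control for this workflow.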
Control by administrators
So that administrators can monitor all password changes, the program provides reports and notifications.
Notifications can be enabled for the following events:
- Register an account in Password Manager.
- Password reset.
- Unlock account.
- Change Password.
- Failed verification attempt.
Two types of reports are available:
- User Activity shows all user activity related to passwords (Register, Change, Reset, Unlock Account) for a specific period of time. The report displays the result and time.
- User Enrollment displays the registration status (registered in the NetWrix Password Manager database or not) for all users in the monitored domain.
You can view the program on our website. We once again draw your attention to the fact that the version for 50 users is available for free.
View a webinar recording on the use of the program (along with other lock management solutions) here.
PS We will talk about the work of the free version of the program on December 19 at the webinar “10 free tools for controlling the IT infrastructure”, along with other free NetWrix programs.