8 Replies Latest reply on Jul 26, 2013 5:26 PM by Leon Adato

    NPM 10.1 - how users can change password in this brave new world?

    Leon Adato

      Now that we've implemented NPM 10.1 and integrated it with Windows AD, we're enjoying the ability to manage users in AD, while assigning a single group to SolarWinds.

      One challenge is that we have a large number of users who NEVER connect to the AD, but who use SolarWinds a lot. And sometimes they want to change their password.

      In the days of yore (what was that, a month ago?) the "Password Reset" link was easy enough to place on their toolbar.

      With AD? Not so much.

      Given that I don't want to spend my time changing passwords for users, what are people using to help users help themselves?

      Thanks in advance!

       - Leon

        • Re: NPM 10.1 - how users can change password in this brave new world?
          Andy McBride

          If the user AD authenticates there is no Orion password to change. For those who don't AD authenticate you should make Orion accounts for them.

          I see what you are looking for now - I'll check into it.

            • Re: NPM 10.1 - how users can change password in this brave new world?
              Leon Adato

              Right, but you are missing my point.

              I have a large number of external users who log into SolarWinds. In order to avoid managing dozens of different accounts with various needs (some get NCM, some don't. Some have one toolbar, others have a different one, etc) I've created AD users instead, and added them to various AD groups. Then I add the AD group into SolarWinds, making that side of the management equation much easier to handle.

              My challenge is that these users - who will NEVER log into AD - can't change their password.

              And of course, I don't want to create Orion user accounts for them because it would mean changing each user account when I needed to update a view, toolbar, etc.

              Does that make better sense?

              I see you updated your response. I eagerly await your reply!

               - Leon

              • Re: NPM 10.1 - how users can change password in this brave new world?
                Andy McBride

                I found that the only place that ability exists is in the Setting area. I'll mark this for a PM to see for a possible feature.

                  • Re: NPM 10.1 - how users can change password in this brave new world?
                    bshopp

                    That is something we will have to consider for a future release.  Most users who are using AD, their users are logging into Windows for example and use the native facilities there to change their passwords.

                    Also you can set the password in AD to never expires and create one for them and send to them, just a thought.

                      • Re: NPM 10.1 - how users can change password in this brave new world?
                        netlogix

                        Why are you using AD for those users if they don't use AD except for Orion?

                        Is it because of the grouping making the configurations of Orion simpler?  If so, maybe some internal Orion user groups would be better, but I don't think Orion has that (at least not now).

                        I see the AD auth piece just a way to off load password management to AD, but if those uses don't touch AD, then keep the password managment in Orion.

                        What do you think?

                        • Re: NPM 10.1 - how users can change password in this brave new world?
                          Leon Adato

                          Brandon:

                          The problem with setting passwords to "never expire" is that we'd fail any security audit which is a deal breaker for many of our customers, not to mention our own internal standards.

                          To all:

                          After a bit of investigation, I came up with 4 possible solutions (at least until SolarWinds solves it internally):

                          1. Implement IISADMINPWD. Since we run Win 2008 R2, it would mean pulling the files from a 2003 installation (64bit, no less) and kludging merrily along. It works (as indicated by many on the internet) but just seems like an inelegant solution. Plus, I don't have a 2003 64bit server to pull from, so it was a hassle.
                          2. Implement one person's home-grown HttpMethod replacement for IISADMINPWD (http://iisadmpwdhttpmodule.codeplex.com/). I'm sure he's a nice guy, but installing one person's custom-compiled code just seemed like the wrong way to go.
                          3. Write my own script. How hard could it be, right? Javascript should do the trick to ask the user who they are, get a new password, pass it all back to AD, etc. I could do that, but...
                          4. NetWrix (www.netwrix.com) has already done the job for me. They've got a single MSI installer that works on anything from WinXP on up (yes, up to 2008 R2). I couldn't install the "ChangePassword" directory *into* the NPM website, but I didn't have to, either. I just created another site and installed it there. Now I can add a toolbar menu to all my external users which redirects to the other site.

                          Admittedly, I'm still testing it out and shaking out the bugs, but this seems like the easiest way to go. Cheapest too. It's free for under 300 users. The licensed version starts at about $500.

                          Anyone who wants additional details should shoot me a PM.

                           - Leon