By Bryan Keadle

Problem

Quick … you have just discovered a breach in your password security, or you suspect that your user passwords have been compromised somehow. What would you do? Expiring everyone’s passwords *now*, so that users have to change them at their next login, would be a good step.

Solution

I’ve advocated the use of JRB Utilities (http://www.jrbsoftware.com/) for any en masse needs; it’s a powerful, must-have toolkit for automating tasks and doing almost anything in your tree en masse.

The above scenario is a perfect example. Here is a 2-line script that will:

1) Create a list of all user accounts that currently have a password expiration date (ped), starting at a named container and working down (/x):

getrest .*.VOP ped != none /j /u /y=d /x /l=pswdexp.lst /e=none

2) For each user account listed in pswdexp.lst (accounts having existing password expirations), set the password expiration date (ped) to today, and log successful changes to pswdexp.log and any errors to pswdexp.err:

setrest @pswdexp.lst ped today /l=pswdexp.log /e=pswdexp.err

In seconds, I’ve managed to implement this security change procedure.
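
After an emergency expiry it is worth confirming that every account in pswdexp.lst was actually changed and none were skipped. The following Python check is an added example, not part of the original post or of JRB Utilities; it assumes the list file holds one object name per line and that each log or error line contains the affected object's name, which should be confirmed against real output. The sample data is constructed.

```python
import re

def load_accounts(list_text):
    """Object names from the list file: one per line (assumed), lower-cased."""
    return [ln.strip().lower() for ln in list_text.splitlines() if ln.strip()]

def mentioned(name, lines):
    """True if `name` occurs as a whole object name in any of `lines`."""
    # Lookarounds keep a name from matching inside a longer one.
    pat = re.compile(r"(?<![\w.])" + re.escape(name) + r"(?![\w.])")
    return any(pat.search(ln.lower()) for ln in lines)

def reconcile(list_text, log_text, err_text):
    """Sort every listed account into changed / errored / unaccounted."""
    log_lines, err_lines = log_text.splitlines(), err_text.splitlines()
    result = {"changed": [], "errored": [], "unaccounted": []}
    for name in load_accounts(list_text):
        if mentioned(name, err_lines):
            result["errored"].append(name)      # an error wins over a success
        elif mentioned(name, log_lines):
            result["changed"].append(name)
        else:
            result["unaccounted"].append(name)  # in neither file: investigate
    return result

# Constructed sample data (not real JRB output); VOP is the container from the post.
SAMPLE_LIST = ".jsmith.Sales.VOP\n.ajsmith.Sales.VOP\n.mjones.HQ.VOP\n.tlee.HQ.VOP\n"
SAMPLE_LOG = ("constructed: .JSmith.Sales.VOP ped changed\n"
              "constructed: .mjones.HQ.VOP ped changed\n")
SAMPLE_ERR = "constructed: .tlee.HQ.VOP could not be modified\n"

if __name__ == "__main__":
    # For a real run, read pswdexp.lst, pswdexp.log and pswdexp.err instead.
    for status, names in reconcile(SAMPLE_LIST, SAMPLE_LOG, SAMPLE_ERR).items():
        print(f"{status}: {len(names)}")
        for n in names:
            print("   ", n)
```

Any account reported as errored or unaccounted still has its old expiration date and needs to be handled separately.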


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

By: bkeadle
Apr 25, 2007
8:58 am