  1. #1
    alunmjones

    Force Password Change after set days?

    I'm looking to see if anyone has any idea on how to get SIMS to require a change of password after a set amount of days. I already require the staff to change their password after a set amount of days via AD, and I'm looking to do something similar with SIMS. I have asked our support company that deals with SIMS to contact Capita about it, but I have not heard back from them yet.

    Anyone have any ideas?

    I'm trying to improve our security in every way I can.

  2. #2

    Michael
    There are ways to integrate SIMS with AD, so users have the same username and password. Of course when you change this in AD, it'll be the same for SIMS too.

  3. #3
    alunmjones
    SIMS is running on a different AD domain to the rest of the school system; there is only a link through to the correct ports to get SIMS to work. I'm hoping to do it without having to change usernames, as there would have to be a reference made to link the new usernames with the old ones for the old records to make sense.

    I'm hoping that there is a database record I can change (get our support company) that will tell the software to auto tick the change password box on the login page every say 30 days or so.

  4. #4

    matt40k
    If the SIMS server can see the AD they're on, you can use that. In theory anyway.

    SQL can be set to use your Windows password policy - how well SIMS copes with it is another matter. Simple is no, use AD.
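
Added example, not part of the post above or of SIMS itself: how the "SQL can be set to use your Windows password policy" setting is audited and switched on for SQL Server logins. It assumes the accounts in question are SQL-authenticated logins on the instance; `example_sims_user` is a placeholder name, and how SIMS behaves once a login expires is not covered by this thread.

```sql
-- 1. Audit: which SQL-authenticated logins are subject to the Windows
--    password policy (complexity, lockout) and to password expiration?
SELECT  sl.name,
        sl.is_disabled,
        sl.is_policy_checked,        -- 1 = CHECK_POLICY is ON
        sl.is_expiration_checked,    -- 1 = CHECK_EXPIRATION is ON
        LOGINPROPERTY(sl.name, 'PasswordLastSetTime') AS password_last_set,
        LOGINPROPERTY(sl.name, 'DaysUntilExpiration') AS days_until_expiration,
        LOGINPROPERTY(sl.name, 'IsExpired')           AS is_expired,
        LOGINPROPERTY(sl.name, 'IsMustChange')        AS must_change
FROM    sys.sql_logins AS sl
WHERE   sl.name NOT LIKE '##%'       -- skip internal certificate-based logins
ORDER BY sl.is_expiration_checked, sl.name;

-- 2. Generate (but do not run) the statements that would bring every
--    non-expiring login under the policy, so they can be reviewed first.
--    CHECK_EXPIRATION = ON is only valid together with CHECK_POLICY = ON.
SELECT  'ALTER LOGIN ' + QUOTENAME(sl.name)
        + ' WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;' AS statement_to_review
FROM    sys.sql_logins AS sl
WHERE   sl.name NOT LIKE '##%'
  AND  (sl.is_policy_checked = 0 OR sl.is_expiration_checked = 0);

-- 3. Apply to a single login (placeholder name), then re-run query 1 and
--    check days_until_expiration before rolling out more widely.
ALTER LOGIN [example_sims_user]
    WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
```

The maximum password age itself comes from the Windows password policy that applies to the SQL Server host, not from a value set in SQL Server.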

  5. #5

    vikpaw
    So there is nothing in the new system manager that may help in terms of forcing a change?
    You could reset it yourself via system manager and email them the password; I believe that is possible. Either do it for all on a set day of the week, or stagger it in groups.

  6. #6

    matt40k
    Quote (originally posted by vikpaw):
        So there is nothing in the new system manager that may help in terms of forcing a change?

    It's called Windows Authentication

  7. #7

    vikpaw
    Quote (originally posted by matt40k):
        It's called Windows Authentication

    That's not new and might not work. Emailing could be useful at least.

  8. #8

    matt40k
    Quote (originally posted by vikpaw):
        and might not work

    Eh? What do you mean it might not work?

  9. #9

    vikpaw
    Quote (originally posted by matt40k):
        Eh? What do you mean it might not work?

    Thought the OP said SIMS was on a different domain, so not sure if it will see the other branch of the tree in sysman. Might need fiddling with trust or DNS or something.

  10. #10

    matt40k
    If you can map a drive on the other domain, you can use "runas" to change the Windows User SIMS uses. A slicker example would be: http://matt40k.co.uk/uploads/SIMSADLogin.exe

    So if you have two domains on say 192.168.0.1/24, this would work. If you have two networks, 192.168.0.1/24 and 192.168.100.1/24, you would need to ensure LDAP etc. is allowed to be routed between the two; DNS would also need setting up. Assuming all the networking is correct, you would download the above to the SIMS directory, then as the username enter domain\username - for example, admin\blacka from the curriculum domain client (and assuming the connect.ini has the correct Trusted bit).

  11. #11

    jinnantonnixx
    It's possible, but I wouldn't recommend it.

    There's a SIMS stored procedure to reset a user password, but this needs a new password. This is a security hole as the password needs to be given to the user.

    At this point, the password is stored in plain text in the SIMS user record (in the password generated field), while the password valid field is flagged as 'false'.

    At next login, the SIMS user must type in this password you supplied (which is stored in plain text in the SIMS record field).

    The SIMS stored procedure calls an encryption routine which encrypts the new password.

    At this point the valid password flag is set to 'true' and the 'generated password' field is set to null. The SIMS user is now operating with an encrypted password of their own choosing.

    It is possible to manually set the 'valid password' flag to TRUE after you call the reset password procedure, which would bypass the 'choose a new password' routine when the user logs in. However, this means that the SIMS user passwords are stored in plain text in the SIMS user table which is an utterly terrible idea. So don't even think about it.

    I'm sure there's a simple flag in the SIMS system which prompts the user to change the password - this is on the first dialogue box. I might run Profiler to find it at some point, unless someone else knows what the 'change password' option flags up?
    Last edited by jinnantonnixx; 31st August 2011 at 10:49 AM.
