|
|
 |
Password Recovery Console – Delegated Management Version™
Current Version: 2.53 - Build 050510 |
 |
 |
|
|
|
The Password Recovery Console (PRC) provides a web interface to recover passwords changed (randomized) and stored by User Manager Pro.
The Password Recovery Console is a free optional component of the User Manager Pro Suite.
Note: This product will not recover lost passwords or reset the password on your Windows workstation or Windows Server. It is not a password cracker or password hacking tool. |
|
The Password Recovery Console is a web-based application that enables the delegation of password recovery privileges. The Password Recovery Console interface can be accessed from any networked system, and can be configured to allow specific users in your enterprise to recover the password of any or all accounts that have been set and stored by User Manager Pro. The Password Recovery Console offers granular control that enables Administrators to assign responsibility for recovery of particular accounts or groups of accounts to appropriate employees (such as support or help desk personnel).
The Need for Strong Local Credentials
One of the easiest ways to compromise a corporate network can be through local system credentials. In addition to Domain or Active Directory security, each Windows desktop and server system in the company also has local security; this means that every system has a local Administrator account that allows access to that system, and potentially exposes vital corporate resources.
Microsoft does not provide a convenient way to disable or easily manage all of the local accounts that exist in a company’s Windows environment. Too often, network managers are forced to take a shortcut, like setting a common password for all of their local Administrator accounts. This practice creates a significant hole in the company’s security; if the password is discovered or compromised through a brute force attack (which may not be detected because the attack could be limited to a single system), every system in the company would be immediately vulnerable because all of those systems share the same password.
The mandates of Sarbane-Oxley, HIPAA, Gramm-Leach-Bliley, the California Security Breach Information Acts, NASD 3010, SEC 17a-4, 21 CFR Part 11, DoD 5015.2 require the implementation of reasonably hard to compromise local logon credentials. This requirement is important to prevent the exposure of critical data, and is mandatory for most organizations to prevent legal exposure of responsible executives.
Creating Strong Local Credentials
Lieberman Software’s program User Manager Pro can change the password of any account on all the Windows desktops and servers on a network in just a few minutes, without the need for scripts or customizations of any type. UMP can be set up to regularly change the passwords of specified accounts according to a schedule of your choice. Change success and failure is audited, and failed changes can be automatically retried. The newly set credentials can be stored in an encrypted format on the machine running UMP and can be recovered on demand using User Manager Pro.
The optional Random Password Generator component of User Manager Pro can be set up to change the passwords of specified accounts on all the Windows desktops and servers on a network such that each account on each system receives a unique, cryptographically strong password on a regular basis. This component improves the overall security of your organization, by ensuring that that the compromise of an account on a single machine does not enable access all of the other systems in the organization.
RPG supports a variety of cryptographic options that, combined with the scheduling ability of UMP, enable the configuration of an enterprise such that all passwords are automatically changed to new, unique values at intervals that are shorter than the expected time it would take to crack a password via a brute force attack. (The expected time to crack a password can be calculated from available processor speed and the cryptographic strength of the password.) |
|
|
|
|
|
|
