Home
Join

42 Replies

  • Website doesn't show much.  Tried to watch the video and took forever to pull it up (could be on my end).  Concept sounds interesting though.

    Was this post helpful? thumb_up thumb_down
  •  

    Reg1145 wrote:

    Website doesn't show much.  Tried to watch the video and took forever to pull it up (could be on my end).  Concept sounds interesting though.

    Good find birdra 

    Reg i saw this in email from TechRepublic check it out 

    http://www.techrepublic.com/blog/networking/manage-your-active-directory-identities-with-nervepoint-access-manager/4173?tag=nl.e102 Opens a new window

    Was this post helpful? thumb_up thumb_down
  • I see it specifically seems to be a vm that runs under vmware.  Do they have a vm for Hyper-V?

    Was this post helpful? thumb_up thumb_down
  • I only saw the VMX file on their download page.

    Was this post helpful? thumb_up thumb_down
  • Hullooo  zeeba neighba!

     

    (sorry, couldn't resist)

     

     I would be interested to how nervepoint works out for you though.

    Was this post helpful? thumb_up thumb_down
  • nice find, downloading now, will have a play and report back (probably next week)

    Was this post helpful? thumb_up thumb_down
  • Yeah I saw that on TechRepublic too, it looks very interesting, expecially at that price point! Not sure what the devs at ScriptLogic are going to think when their paid Password Self Service Opens a new window app does exactly the same thing!

    The only issue I have with rolling it out is the initial email asking for users to fill out a profile and provide answrs to Security Questions (as set when you originally configure the web console). I'm pretty sure quite a few of my users either wouldn't be bothered to do it or delete the email without even reading it!

    Still it is a very good idea and would save a whole load of password resets / unlocking of users (mainly caused in our organisation by mobile devices attempting to retrieve emails after the password has expired!)

    Maybe one day...

    Was this post helpful? thumb_up thumb_down
  • got it installed playing with tommorrow

    Was this post helpful? thumb_up thumb_down
  • This looks very cool and interesting. Downloading now and will give it a try soon.

    Was this post helpful? thumb_up thumb_down
  • I agree with pretty much everybody else. Great find!

    We purchased AD Self Service from ManageEngine. But this looks to be a whole lot cleaner. Downloading now, will get back with results.

    Was this post helpful? thumb_up thumb_down
  • My laptop died last night.  So I'm setting up a temp until Lenovo shows up.  Will try to test today.

     

    @Skillet

    LOL!  I love Pearls before swine.  At my job i'm either goat or zebra depends on the user.

    Was this post helpful? thumb_up thumb_down
  • Finally got around to getting this setup.

    First thing is a prerequisite you must have LDAPS enabled on at least one of your DCs for this to work.  It will not connect over a plain LDAP connection.  To setup LDAPS for AD use one of these links 2003 LDAPSOpens a new window 2008 LDAPS.Opens a new window

    The image from the site works from VMware player, but not ESX.  I converted it using the VMware converter.

    The VM is setup to get an IP via DHCP.  I manually changed the IP and DNS server settings in /etc/resolv.conf and /etc/network/interfaces to match my network from an SSH session.  You can do it via webmin, but I kept getting an IPv6 error.

    I then connected to the server via my web browser and went through the wizard to configure the appliance.  Be warned that you cannot easily go back and change some of these options unless you are familiar with the command line.  There are five questions that users will need to provide answers for in their answer profiles.  You can change the default questions to be anything you like or think your users will remember.  The application only needs three to unlock or reset a password.  There is an option to send out a mass email to your users to have them complete their answer profiles during setup.  This is the only time you will see that option as it is not available after setup is complete, so send it now or create your own message later.

    Once the wizrad has completed you are presented with a web page that has three options "Forgotten My Password", "Unlock My Account", and "My Account".  Forgotten My Password takes you to a wizard that will walk you through changing your AD account.  Unlock My Account will take you to a wizard that will unlock your account.  My Account is where users will go to setup their answer profile for the questions created during setup.

    There is also an administration link at the bottom of the page.  Logging on to the admin site defaults to a page with several graphs relating last logons, password changes and expiration, etc.  There also tabs for configuring AD, mail servers, and email templates.  Of some interest is the Manage Identities tab which for now only displays last logon, password expiration date, password changed date, password status, and account status for all user accounts.  While that information is helpful now.  I'm hoping tat we get some kind of drill down or better sorting capabilities.

    So, how does it work.  Simply great.  By that I mean it's simple and great.  I tested it with several accounts in various states and it works as advertised, even warned that one account was not locked.  it even sends out an email notifying the user that their account has been changed.

    I will be rolling this out to production soon.

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • got this set up and rolled out everything went well and really impressed by it

     

    simple and easy and free what more do you want

    5* from me

     

    any body else know of any more free vm's

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Anyone know of a HyperV equivalent?

    Was this post helpful? thumb_up thumb_down
  • I am going to see if I can convert this to a Xen image or ova and check it out.

    :EDIT: going to open with virtualbox, then export as ovf/ova then import into xen.  Time consuming, but still think it's the fastest way.

     

    ::EDIT#2:: Virtualbox doesn't like it, so I am using xenconvert to try to ovf the vmdk.

    ::EDIT#3::  I got it converted to a xen image and am now in the configuration stage.  

    Was this post helpful? thumb_up thumb_down
  • I'm kind of curious what is the company's motive for offering this?

    Usually a free software is open source, for research or its a lite version of a product for sale.  It doesn't seem this company has any other products?  Anyone know any back info on them?

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • I too am a little confused by the offering. The is no mention of an open source license being used. I always check to see who uses which verison of any given open source standard license.

    I would be extremely careful in using this product. Remember you are giving up the keys to the kingdom with this product...

    Was this post helpful? thumb_up thumb_down
  • Now you guys are getting me paranoid.....

    Was this post helpful? thumb_up thumb_down
  • An FYI a newer version is available now with larger AD support, static IP and a few other little trinkets.

    Was this post helpful? thumb_up thumb_down
  •  

    Another great tool for self password reset is Lepide Active Directory Self Service. This is a web based application. The users can even update their basic information through this tool. Plus select a list of people whom they trust to unlock their password when they have lost their own.

    Download the software: http://www.lepide.com/active-directory-self-service.html Opens a new window

    Was this post helpful? thumb_up thumb_down
  • HarshaV wrote:

     

     

    Another great tool for self password reset is Lepide Active Directory Self Service. This is a web based application. The users can even update their basic information through this tool. Plus select a list of people whom they trust to unlock their password when they have lost their own.

    Download the software: http://www.lepide.com/active-directory-self-service.html Opens a new window

     

    not free though

    Was this post helpful? thumb_up thumb_down
  • downloading the new version now to see the differences

     

    the only down side i seemed to have it didn't always successfully sync with AD first time so i could be upto a week before new people were included

    Was this post helpful? thumb_up thumb_down
  • Nervpoint seems a little bit more legit, here's a screen cap of a convo I had with them via twitter.

    http://screencast.com/t/6E2CAlUHTLl Opens a new window


     

    Was this post helpful? thumb_up thumb_down
  • NetWrix Password Manager Opens a new window is now free for up to 50 users. It's not a virtual appliance though, but it's a full-featured self-service password management tool, both web-based and logon prompt-integrated.

    Was this post helpful? thumb_up thumb_down
  • Does anyone know of a free version Self Help Password Unlock Reset Tool that integrates with the logon screen for Windows XP and Windows 7 in a non VM environment? I have 63 users and seems most "free" solutions are only free up to 50. Currently do not have a budget for this now but will purchase a solution in the near future.

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • No longer freeware.

    Was this post helpful? thumb_up thumb_down
  • @Kukubski Nervepoint Access Manager is still free. Download it, use the enterprise features and after 30 days if you're not happy you end up with basic version for 50 users free. You can do all the core bits of password self service, resetting account, unlocking and changing passwords.

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Trialware is not Freeware

    Pepper graySpice (1) flagReport
    1 found this helpful thumb_up thumb_down
  • Check out www.ADSelfset.com Opens a new window. It will be of your help. Their unique support pricing model will free you from AMC.

    Was this post helpful? thumb_up thumb_down
  • I'm intritgued.  Free for the little guys.  Reasonable pricing compared to some others. like thycotic.com and quest.com/password-manager/.

     

    For you folks asking about a Hyper-V equivelent, sorry, but MS doesn't support Linux on HV.  A reasonable solution is to move to ESXi.  Then you can implement this and a lot of other things. (I'm a recovering HV user and have seen the light...)

    Was this post helpful? thumb_up thumb_down
  • almostfamous84 wrote:

    Does anyone know of a free version Self Help Password Unlock Reset Tool that integrates with the logon screen for Windows XP and Windows 7 in a non VM environment? I have 63 users and seems most "free" solutions are only free up to 50. Currently do not have a budget for this now but will purchase a solution in the near future.

    We recently made our Netwrix Password Manager Opens a new window free for 100 users (instead of 50).
    Was this post helpful? thumb_up thumb_down
  • I downloaded nervepoint last week and the free version is still free and you can use it with an unlimited number of users so fits nicely with our 600 odd user population. The features are limited though to password reset and change password but for our purposes that works fine especially since we don't really have much of a budget right now.

    Was this post helpful? thumb_up thumb_down
  • Doesn't it drop down to 50 users though as per Nervepoint post above?

    Was this post helpful? thumb_up thumb_down
  • The old version used to be limited to 50 users I believe, when you download it now you get the full version for 30 days, then after that it goes to the free version there's more info https://www.nervepoint.com/en/content/free-password-manager-software Opens a new window, and according to the page the free version does not limit on users - I can let you know more in about 20 days :)

    Was this post helpful? thumb_up thumb_down
  • I've been using the free edition now for a few days and as promised here's a quick review.

    After a few niggles with the free edition license the support team sorted me out and I was up and running. The free edition compared to the main enterprise version is limited to/offers:

    • Connection to a single Active Directory
    • Unlimited user support - we are using it with around 600 users
    • Browser-based access
    • End user password reset
    • Questions and answers authentication
    • Admin dashboard
    • Admin identity/password information
    • Basic branding
    • Product updates

    The main homepage offers users the ability to reset passwords from the “Forgot My Password” option; setup authentication answers from the “My Account” option and gives admins access to the admin portal via the “Administration” link.

    "Forgot My Password" is the password reset function and its wizard based. The user is expected to answer questions presented before they're able to reset their AD password. "My Account" allows users to set answers to their security questions, we set six questions and configured it so that when resetting passwords our users are required to answer three of the six. The main enterprise version supports more authentication options in the free edition you only get questions but can configure them as you want.

    The "Administration link" takes you to the admin portal where you can configure the system, the default page is the dashboard with graphs and statistics showing activity, password changes and account information etc. There's a page to view and configure your Active Directory connector, an Identities page that gives you all your users information like last logon, password expiry etc. There is also the ability to change basic appearance like logo and you also get regular product updates so it seems free users are not skipped when bug fixes are released.

    Jerry Springer Closing Words:

    So far so good. It's clearly a very active product judging by the knowledge base and updates I've received so far.

    Our system currently has around 600 users on it and it's working fine, it does everything I need right now. To be honest the main enterprise product is attractive in itself and if I had a budget I would certainly consider it, we have a number of cloud accounts for our users it would be good to sync them up.

    Hope this review helps others out.

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • I know it's been a while since this thread first was opened but thought I'd add my 2 cents.

    I've been using this in a lab environment now for a few days and can confirm that it works well. I downloaded and installed the Hyper-V version and had it up and running in no time. Getting the VM to connect to LDAPS was a bit tricky to start but once it's up and running, it runs well. I did have an issue where I couldn't use the email notification system to send email via my cloud Office 365 email however a quick email to the support team and they were able to apply a fix that enabled this to work as I expected. Their help desk was extremely responsive.

    Like Outatime72, we'll be deploying to a production environment once we've expired the trial period and can fully test the remaining free version functionality. If the free version continues to work well, it will be deployed, saving me many hours of useless time resetting passwords.

    Was this post helpful? thumb_up thumb_down
  • As with everything, lock it down, it probably ONLY needs access to your DC's on LDAPS and DNS.  Block all other egress traffic.

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • I setup nervepoint today and for whatever reason I am stuck on the sending emails to the users with incomplete profiles(which is everyone obviously).  I can send test emails and approval emails with no issues but the " This user has not setup their profile so cannot perform any self-service actions."  email " Send Incomplete Profile Reminder" never arrives.  I have even checked my exchange logs and it doesn't even show there.  Maybe this is a bug in the software?

    Was this post helpful? thumb_up thumb_down
  • First of all, I think you are confusing paranoid with cautious. It is part of every networking professional's job to be cautious and even borderline paranoid when it comes to the security of their respective networks. Coming directly from a DoD Cyber-Security background, I will step in and advise everyone of you to be cautious and prudent in how you employ any software on your production network. For those of you who know the extent of cyber-threats in this world, I need not go any further. For those of you who are not familiar, you can assume the worst is possible from a simple mistake of employing the wrong software within your infrastructure. Check, check and recheck everything of this nature you intend to use in your environment before employing it; "Free" typically means it comes with an unseen cost.

    Was this post helpful? thumb_up thumb_down
  • I know this old... but in response to Linux support in Hyper-V; that is not true. Linux and BSD are completely supported in 2008 R2 and above and I quote:

    "Hyper-V supports both emulated and Hyper-V-specific devices for Linux and FreeBSD virtual machines. When running with emulated devices, no additional software is required to be installed. However emulated devices do not provide high performance and cannot leverage the rich virtual machine management infrastructure that the Hyper-V technology offers. In order to make full use of all benefits that Hyper-V provides, it is best to use Hyper-V-specific devices for Linux and FreeBSD. The collection of drivers that are required to run Hyper-V-specific devices are known as Linux Integration Services (LIS) or FreeBSD Integration Services (BIS)."

    https://technet.microsoft.com/windows-server-docs/compute/hyper-v/supported-linux-and-freebsd-virtua... Opens a new window

    Was this post helpful? thumb_up thumb_down
  • That'snot true that it require ldaps connection. Simply specify ":389" (without quotes) at the end of dc address and it will connect with no problems.

    Was this post helpful? thumb_up thumb_down
  • Hey guys,

    Is this a public facing password reset tool?   For users to be able to log in or do we have to integrate this with our website?

    Thanks,

    Joe

    Was this post helpful? thumb_up thumb_down

Read these next...