iLantus Password Management Portal for AD

Aconsiderable amount of IT helpdesk time is spent on managing user passwords queries, and not without good reason. Being human, it is hard for users to remember a complex string of characters that don't really have any meaning. For the IT department, the greater the number of users, the higher the number of password related queries. Not only is the volume of these queries a problem, but also the time taken to resolve them, leading to a lot of idle time for users, and productivity loss. Besides this, calls to the IT helpdesk also has cost implications. In fact, every help desk call is associated with cost as most of the billing is done on the number of calls received by the IT helpdesk representative. A large number of calls could lead to huge billing, especially if the company is using an outsourced IT help desk model.

With some insight on the problem area let us now focus on what could be the solution. The iLantus Password Management Portal (PMP) for Active Directory, is a Microsoft certified, secure, self-service web portal that can streamline Active Directory Password Management and allows users to reset their forgotten passwords or simply change their existing passwords.

Setup requirements

Setting up the password manager could be a little cumbersome with too many components to take care of. To begin with, you would need Microsoft Windows 2003 Server Standard, Web or Enterprise Edition to install this package and it supports ASP.NET version 2.0 only so you need to download and install it. Being a web portal also means that you would also need web server and Microsoft Internet Information Services (IIS) 5.0 or higher versions as the tested web servers for iLantus. Other major requirement of this package is a database that would store user data. iLantus supports Microsoft SQL Server 2000 or SQL Server 2005, one can use express version too which is freely downloadable. Last but not the least, you would of course need Active Directory to be managed by this package. One can download an evaluation copy of iLantus Password Management Portal for AD from http://www.ilantus.com .

In our sample setup, we installed IIS and iLantus on the AD machine. This process is pretty simple. The tricky part is in configuring it. The main configurations required to run this package successfully include setting ASP.Net version through the Internet Information Services (IIS) Manager. In the Internet Information Services (IIS) Manager window expand the Web Sites folder. Expand Default Web Sites. Right click Password Management Portal (virtualdirectory) and then click Properties from the context menu. The Password Management Portal Properties window is displayed. Click the ASP.NET tab and change the version of ASP.NET to 2.0 or above. From the same window click on the Directory Security tab then under Authentication and Access Control, click Edit. The Authentication Methods window is displayed. Select the 'Enable anonymous access' checkbox from this window select the user with administrator rights.

The other important step is to change package properties. On the C drive, on following path Inetpub->wwwroot, right click on the folder with the virtual name of the application (PasswordManagementPortal) and select Properties. On the General tab under 'Attributes', uncheck the "Read only" checkbox. Now on the Security tab under 'Group or user names', select every individual group/user and select all the check boxes under "Permissions for Administrators" section. Click on Advanced button. The Advance Security Settings page is displayed. Double click on the 'Internet Guest Account'. The Permission Entry page is displayed. Select all the check boxes under "Permissions" section and click OK.

Finally to run this package we need to run SQL server with TCP/IP protocol enabled. To do this go to Click Start-> Programs->Microsoft SQL Server 2005->Configuration Tools-> Select SQL Server Area Configuration. Click on the link Surface Area Configuration for Services and Connections, select the server and choose the Remote Connections options, also enable Local and Remote connections and choose TCP/IP as the option.

It is highly recommended to use SSL security for this package, Secure Sockets Layer (SSL) is a protocol used for transmitting confidential data over the Internet. It creates a secure connection between a client and a server, over which any amount of data can be sent securely. SSL uses digital certificates issued by a valid certification authority (CA) to authenticate both parties to the transaction (client and server). If the Web server is set up to require secure connections, it will reject non-secure requests. To connect to a secure page, the client uses https:// at the beginning of the URL instead of http://. In this sample implementation we have not used SSL.

Once we are done with above setting we need to visit URL of iLantus (http://192.168.5.147/PasswordManagementPortal). The first time, you would be asked to enter the configuration setting that includes SMTP, AD and SQL setting, but before that you are given the option of selecting a trial version or registering this package. Once you have done all these setting portal can be accesses by registered users or administrators, Changes done on credentials in this package would be reflected in AD.

Features

Main feature of this package is that using iLantus users can bypass helpdesk and reset their forgotten passwords or change existing passwords themselves. Implementing this package means that you can change your password 24x7 which means negligible loss in productivity and cost saving. This package has a built in encryption system which makes password management process secure, and if used with SSL (highly recommended) adds to security robustness. iLantus package can also be helpful in forcing compliance policies which is critical in case your organization is going for certification.

With built-in auditing and activity tracking, the Password Management Portal provides the administrator a comprehensive and immediate notification of the password reset activity by the end users.

The Bottomline: Though a bit tricky to implement, this Microsoft certified iLantus package can save you lot of IT budget by cutting down IT help desk costs and problem resolution time.