ActiveDirectory: Difference between revisions

From UMIACS
Jump to navigation Jump to search
(Touchups)
Line 1: Line 1:
Windows Authentication is based on [http://web.mit.edu/kerberos Kerberos] standard authentication but with some extensions. Your [[Kerberos|UMIACS Kerberos5]] account is different from your [[ActiveDirectory]] account and the password for each can vary independently.
Windows Authentication is based on [http://web.mit.edu/kerberos Kerberos] standard authentication but with some extensions. Your [[Kerberos|UMIACS Kerberos5]] account is different from your [[ActiveDirectory]] account and the password for each can vary independently.


Your [[ActiveDirectory]] authentication is used in a variety of different places,
Your [[ActiveDirectory]] authentication is used in a variety of different places:
 
* Logging into UMIACS [[ActiveDirectory]] Windows Domain (pc.umiacs.umd.edu) computers
* Logging into UMIACS [[ActiveDirectory]] Windows Domain (pc.umiacs.umd.edu) computer
* [[Email/Exchange | Exchange]] Mail Service
* [[Email | Email]] Mail Service
* [[VPN]] Service
* [[VPN]] Service


Your account might be shown in two ways,
Your account might be shown in either of these two ways depending on the application you are using:
 
* PC\username
* PC\username
* username@pc.umiacs.umd.edu
* username@pc.umiacs.umd.edu
depending on the application you are using.


==Updating your [[ActiveDirectory]] Password==
==Updating your [[ActiveDirectory]] Password==
Line 19: Line 15:
https://intranet.umiacs.umd.edu/password/ad
https://intranet.umiacs.umd.edu/password/ad


You can also update your [[ActiveDirectory]] Password from the Windows Security portion of a pc.umiacs.umd.edu domain desktop or server. This can be found in two ways,
You can also update your [[ActiveDirectory]] Password from the Windows Security portion of a pc.umiacs.umd.edu domain desktop or server. This can be found in two ways:


* If you are physically sitting at the host you can press the hardware control sequence all at once
* If you are physically sitting at the host, you can press the hardware control sequence:
    
    
   <CTRL><ALT><DELETE>  
   <CTRL><ALT><DELETE>


* If you are logging in remotely this instead becomes
* If you are logging in remotely this instead becomes:


   <CTRL><ALT><END>
   <CTRL><ALT><END>
Line 32: Line 28:


==Password Policies==
==Password Policies==
We have the following policies in regards to our [[ActiveDirectory]] passwords:


We have the following policies in regards to our [[ActiveDirectory]] passwords,
* Minimum Password Length : 8 Characters (more is allowed)
 
* Minimum Character Classes : 3 Character Classes
* Minimum Password Length : 8 Characters
<tt>This requires that your password is a minimum of 8 characters (it can have more just not less)</tt>
* Minimum Character Classes : 3 Character Classes
**English uppercase characters (A - Z)
**English uppercase characters (A - Z)
**English lowercase characters (a - z)
**English lowercase characters (a - z)
Line 43: Line 37:
**Non-alphanumeric (For example: !, $, #, or %)
**Non-alphanumeric (For example: !, $, #, or %)
**Unicode characters
**Unicode characters
* Number of Previous Passwords Kept: 5
* Password does not contain 3+ characters from account name.
<tt>[[ActiveDirectory]] will store your last 5 passwords and will not let you set a new password to them, please choose a new password.</tt>
 
* The password does not contain three or more characters from the user's account name
'''Please note''': [[ActiveDirectory]] will store your last 5 passwords and will not let you set a new password to them.


==Password Security==
==Password Security==
[[ActiveDirectory]] Kerberos security depends on the security of your password. Although Kerberos can make secure access to services convenient, it is still your responsibility to secure your password. Please try to choose a strong password and use secure protocols
[[ActiveDirectory]] Kerberos security depends on the security of your password. Although Kerberos can make secure access to services convenient, it is still your responsibility to secure your password. Please try to choose a strong password and use secure protocols.

Revision as of 21:13, 20 December 2016

Windows Authentication is based on Kerberos standard authentication but with some extensions. Your UMIACS Kerberos5 account is different from your ActiveDirectory account and the password for each can vary independently.

Your ActiveDirectory authentication is used in a variety of different places:

Your account might be shown in either of these two ways depending on the application you are using:

  • PC\username
  • username@pc.umiacs.umd.edu

Updating your ActiveDirectory Password

If you do not have an open session on a UMIACS Windows host, you can update your ActiveDirectory password from this website:

https://intranet.umiacs.umd.edu/password/ad

You can also update your ActiveDirectory Password from the Windows Security portion of a pc.umiacs.umd.edu domain desktop or server. This can be found in two ways:

  • If you are physically sitting at the host, you can press the hardware control sequence:
  <CTRL><ALT><DELETE>
  • If you are logging in remotely this instead becomes:
  <CTRL><ALT><END>

You can then choose "Change a password..." to update your ActiveDirectory authentication.

Password Policies

We have the following policies in regards to our ActiveDirectory passwords:

  • Minimum Password Length : 8 Characters (more is allowed)
  • Minimum Character Classes : 3 Character Classes
    • English uppercase characters (A - Z)
    • English lowercase characters (a - z)
    • Base 10 digits (0 - 9)
    • Non-alphanumeric (For example: !, $, #, or %)
    • Unicode characters
  • Password does not contain 3+ characters from account name.

Please note: ActiveDirectory will store your last 5 passwords and will not let you set a new password to them.

Password Security

ActiveDirectory Kerberos security depends on the security of your password. Although Kerberos can make secure access to services convenient, it is still your responsibility to secure your password. Please try to choose a strong password and use secure protocols.