ActiveDirectory: Difference between revisions

From UMIACS
Jump to navigation Jump to search
No edit summary
No edit summary
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Windows Authentication is based on [http://web.mit.edu/kerberos Kerberos] standard authentication but with some extensions.  Your [[Kerberos|UMIACS Kerberos5]] account is different from your [[ActiveDirectory]] account and unless you set your passwords manually they will not be the same.
Windows Authentication is based on [http://web.mit.edu/kerberos Kerberos] standard authentication but with some extensions.


Your [[ActiveDirectory]] authentication is used in a variety of different places,
Your [[ActiveDirectory]] authentication is used to log in to a variety of different places:
* UMIACS-supported computers
* [[Email | UMIACS-supported email]]
* UMIACS-supported web services
* UMIACS [[VPN]]


* Logging into UMIACS [[ActiveDirectory]] Windows Domain (pc.umiacs.umd.edu) computer
Your account might be shown in either of these two alternate ways depending on the application you are using:
* [[Email | Email]] Mail Service
* UMIACS\username
* [[VPN]] Service
* username@ad.umiacs.umd.edu
 
** If you had an account prior to [[Windows Account Migration March 2018 | March 24th 2018]] and your mail was handled by our [[Exchange]] service on that day, this may instead show as username@pc.umiacs.umd.edu.
Your account might be shown in two ways,
 
* PC\username
* username@pc.umiacs.umd.edu
 
depending on the application you are using.
 
==Updating your [[ActiveDirectory]] Password==
If you do not have an open session on a UMIACS Windows host, you can update your password [[ActiveDirectory]] from this website:
 
https://intranet.umiacs.umd.edu/cgi-bin/changepass
 
You can also update your [[Active Directory]] Password from the Windows Security portion of a pc.umiacs.umd.edu domain desktop or server. This can be found in two ways,
 
* If you are physically sitting at the host you can press the hardware control sequence all at once
 
  <CTRL><ALT><DELETE>
 
* If you are logging in remotely you can access Windows Security by going to  
 
    Start->Settings->Windows Security...
 
You should get a screen that looks like this,
 
[[Image:WindowsSecurity.png]]
 
You can choose Change Password to update your [[ActiveDirectory]] authentication.
 
==Password Policies==
 
We have the following policies in regards to our [[ActiveDirectory]] passwords,
 
* Minimum Password Length :  8 Characters
<tt>This requires that your password is a minimum of 8 characters (it can have more just not less)</tt>
* Minimum Character Classes :  3 Character Classes
**English uppercase characters (A - Z)
**English lowercase characters (a - z)
**Base 10 digits (0 - 9)
**Non-alphanumeric (For example: !, $, #, or %)
**Unicode characters
* Number of Previous Passwords Kept:  5
<tt>[[ActiveDirectory]] will store your last 5 passwords and will not let you set a new password to them, please choose a new password.</tt>
* The password does not contain three or more characters from the user's account name
 
==Password Security==
[[ActiveDirectory]] Kerberos security depends on the security of your password. Although Kerberos can make secure access to services convenient, it is still your responsibility to secure your password. Please try to choose a strong password and use secure protocols

Revision as of 17:45, 11 March 2019

Windows Authentication is based on Kerberos standard authentication but with some extensions.

Your ActiveDirectory authentication is used to log in to a variety of different places:

Your account might be shown in either of these two alternate ways depending on the application you are using:

  • UMIACS\username
  • username@ad.umiacs.umd.edu
    • If you had an account prior to March 24th 2018 and your mail was handled by our Exchange service on that day, this may instead show as username@pc.umiacs.umd.edu.