ActiveDirectory: Difference between revisions

From UMIACS
Jump to navigation Jump to search
No edit summary
No edit summary
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
Windows Authentication is based on [http://web.mit.edu/kerberos Kerberos] standard authentication but with some extensions. Your [[Kerberos|UMIACS Kerberos5]] account is different from your [[ActiveDirectory]] account and the password for each can vary independently.
Windows Authentication is based on [http://web.mit.edu/kerberos Kerberos] standard authentication but with some extensions.


Your [[ActiveDirectory]] authentication is used in a variety of different places:
Your [[ActiveDirectory]] authentication is used to log in to a variety of different places:
* Logging into UMIACS [[ActiveDirectory]] Windows domain computers
* UMIACS-supported computers
* [[Email/Exchange | Exchange]] Mail Service
* UMIACS-supported web services
* [[VPN]] Service
* UMIACS [[VPN]]


Your account might be shown in either of these two ways depending on the application you are using:
Your account might be shown in either of these two alternate ways depending on the application you are using:
* UMIACS\username
* UMIACS\username
* username@ad.umiacs.umd.edu
* username@ad.umiacs.umd.edu
==Updating your [[ActiveDirectory]] Password==
If you do not have an open session on a UMIACS Windows host, you can update your [[ActiveDirectory]] password from this website:
https://intranet.umiacs.umd.edu/password/ad
You can also update your [[ActiveDirectory]] Password from the Windows Security portion of a domain desktop or server. This can be found in two ways:
* If you are physically sitting at the host, you can press the hardware control sequence:
 
  <CTRL><ALT><DELETE>
* If you are logging in remotely this instead becomes:
  <CTRL><ALT><END>
You can then choose "Change a password..." to update your [[ActiveDirectory]] authentication.
==Password Policies==
We have the following policies in regards to our [[ActiveDirectory]] passwords:
* Minimum Password Length : 8 Characters (more is allowed)
* Minimum Character Classes : 3 Character Classes
**English uppercase characters (A - Z)
**English lowercase characters (a - z)
**Base 10 digits (0 - 9)
**Non-alphanumeric (For example: !, $, #, or %)
**Unicode characters
* Password does not contain 3+ characters from account name.
'''Please note''': [[ActiveDirectory]] will store your last 5 passwords and will not let you set a new password to them.
==Password Security==
[[ActiveDirectory]] Kerberos security depends on the security of your password. Although Kerberos can make secure access to services convenient, it is still your responsibility to secure your password. Please try to choose a strong password and use secure protocols.

Latest revision as of 14:08, 25 August 2020

Windows Authentication is based on Kerberos standard authentication but with some extensions.

Your ActiveDirectory authentication is used to log in to a variety of different places:

  • UMIACS-supported computers
  • UMIACS-supported web services
  • UMIACS VPN

Your account might be shown in either of these two alternate ways depending on the application you are using:

  • UMIACS\username
  • username@ad.umiacs.umd.edu