In the organizations running Microsoft Active Directory to list and manage network components such as Users, Computers etc. Administrators can hand over a number of tasks to delegate Users to share the load of administration. These tasks are usually the more mundane ones which are logged on daily basis and can be handled even by the junior IT staff. Password resets and Account Unlock are probably one of the most common tasks that occupy the Helpdesk issue list. According to a recent research by Gartner – a technology research firm, password related calls consume a major portion of the IT Helpdesk time. This is because for most of the organizations passwords still forms the front line of defense against unauthorized accesses to the computers and the vast amount of the business-critical data that they hold.
To ensure security of data and prevent unauthorized accesses organizations design complex password policies which in turn only lead to more Helpdesk calls related to password resets. What are the implications of large volume of helpdesk calls?
Consumes organizational resources to handle these calls.
Overall organizational productivity suffers as employees have to wait to get their password reset in the process increasing non-productive hours.
As the employees could not log into their system, important applications and services running on the computer are left unattended which might disrupt business operations.
So as an IT administrator what are the solutions that you can look at to handle this situation.
Firstly, administrators can delegate such tasks to junior staffs as it is a routine task which doesn’t require much effort. Even non-technical users can take care of these issues after a week’s training or so. Still that would still require a significant number of man-hours although cheap ones. For large organizations having hundreds of thousands of employees, you would need a team of dozens of employees to solve these issues within a reasonable period of time.
Secondly, you as an administrator can opt for specialized applications which are available as fully automated self-service utility to handle these issues. These applications delegate password reset and account unlock task to end-users who have to reset the password and unlock their account on their own. This comes across as plausible solution as it gives the control to end Users who can reset their password from their desktop or on their peers’ desktop, minimizing helpdesk calls and increasing employee productivity.
There are so many specialized solutions available in the market; before you decide to go for any particular one, you need to ensure that it is equipped with some highly desirable features:
Password reset through web-browser only after Users answer challenge questions successfully.
Centralized Admin control over what all questions can be used as challenge questions. What is your Employee code? What is the color of your car? – these types of questions should not be used as challenge questions.
It must notify users a specified period of time in advance before their password expires.
Multiple notifications should be sent incase Users ignore/miss the first notifications.
Notifications should be sent via multiple platforms like sms and email to eliminate the chances of non-delivery.
As organizations are divided in different functional areas, password expiry notifications and policies should be configurable at OU/Group level to allow diverse password expiry policy within an organization.
Not just end-Users even administrators should be informed of the impending password expiry for at least employees occupying managerial positions.
Customizable notification text for phased notification alerts to make it more compelling before the password expires.
Centralized console for batch password reset and auto account unlock.
Insightful reports presenting the “top-view” of the entire User Password/Account expiry/lockout scenario.
These are some of the important features that you must look for in your prospective specialized self-service password reset software. Besides, Employees should be properly trained on the password expiry and account lock out events handling policy of the organization. This will surely help you to reach the goal of “near-zero-password-expiry-helpdesk-tickets” helping you to implement organizational cost-cutting measures. Many of these applications are available in free trial. You can download and try free version of Lepide Active Directory Self Service which comes equipped with most of these features.