
Fine Grained Password Policies

I'm disappointed to see that in ARS 7.2, still, the Generate Password function does not take into account Fine Grained Password Policies.

Has anyone else found a way to get around this? I have different departments that need to have different length passwords and our service desk don't like that the auto-generate function then gives the error saying that it doesn't match the complexity requirements (and I agree it's not ideal).

Looking at the Script Module "Generate User Password" I can see that it's possible fairly easily to force all generated passwords to a longer length, but I need it to either check the Fine-Grained Password Policy applied, or to be able to amend it and say something like - if the user is a member of group XXX, then it needs to be Y characters.

In PS I'd find this fairly easy, but for some reason Quest still seem to be using VBScripts for this.......

Any suggestions or pointers would be very much appreciated.

  • I agree, a built-in password generator would be a great addition. I've recently created a password generator similar to what you are looking for; take a look and feel free to adapt it to your needs.

     

    #########################################################################################
    # Zigabyte Fine-Grain Password Generator
    #########################################################################################

    function Get-Password
    {
        Param(
            [String]$lSpecialChars = '!$%&/()=?*+#_',
            [String]$lNumberChars = '1234567890',
            [String]$lUpperChars = 'ABCDEFGHKLMNPRSTUVWXYZ',
            [String]$lLowerChars = 'abcdefghkmnprstuvwxyz',
            [int]$minPassWordLength = 8,
            [int]$maxPasswordLength = 8,
            [int]$numOfLower = 2,
            [int]$numOfUpper = 2,
            [int]$numOfNumbers = 2,
            [int]$numOfSpecial = 2,
            [bool]$mustBeginWithLetter = $True
        )

        # Ensure minPasswordLength -le maxPasswordLength.
        # Throw so the message can never be mistaken for a generated password.
        if ($minPassWordLength -gt $maxPasswordLength) { throw 'Minimum cannot exceed Maximum password length' }

        # Check for Infinite Loop: all four required counts must fit in the maximum length
        if (($numOfLower + $numOfUpper + $numOfNumbers + $numOfSpecial) -gt $maxPasswordLength) { throw 'infinite loop' }

        # Set Password to null
        $password = $null

        # Set Character Type Counters to 0 Prior to entering Loop
        $uCt = 0; $lCt = 0; $nCt = 0; $sCt = 0

        # Sets Legal Letter Characters
        [String]$lLetterChars = $lUpperChars + $lLowerChars

        # Sets Legal Password Characters
        [String]$lChars = $lSpecialChars + $lNumberChars + $lLowerChars + $lUpperChars

        # Loop to generate Random Password
        for ($i = 1; $i -le $maxPasswordLength; $i++)
        {
            # If first Character Letter is set to True
            if (($i -eq 1) -and ($mustBeginWithLetter -eq $True))
            {
                # Get Random First Letter
                $randomChar = $lLetterChars.ToCharArray() | Get-Random
            }
            else
            {
                # Variable to ensure equal distribution of character types (-Maximum is exclusive: 1..4)
                $random = Get-Random -Minimum 1 -Maximum 5

                # Get Random Character
                switch ($random)
                {
                    1 { $randomChar = $lNumberChars.ToCharArray() | Get-Random; break }
                    2 { $randomChar = $lSpecialChars.ToCharArray() | Get-Random; break }
                    3 { $randomChar = $lUpperChars.ToCharArray() | Get-Random; break }
                    4 { $randomChar = $lLowerChars.ToCharArray() | Get-Random; break }
                    default { $randomChar = $lChars.ToCharArray() | Get-Random; break }
                }
            }
            $password += $randomChar

            # Count Each Character Type
            if ($randomChar -cmatch '[a-z]') { $lCt++ }
            if ($randomChar -cmatch '[A-Z]') { $uCt++ }
            # Test against the configured special set rather than a hard-coded pattern
            if ($lSpecialChars.IndexOf($randomChar) -ge 0) { $sCt++ }
            if ($randomChar -match '[0-9]') { $nCt++ }

            # Check Password to ensure Minimum Password Length and Character Requirements have been met
            if (($password.Length -ge $minPassWordLength) -and ($lCt -ge $numOfLower) -and
                ($uCt -ge $numOfUpper) -and ($nCt -ge $numOfNumbers) -and ($sCt -ge $numOfSpecial))
            {
                return $password
            }
            # Maximum length reached without meeting the requirements: get a new password,
            # passing the caller's parameters through to the retry
            elseif ($maxPasswordLength -eq $password.Length)
            {
                return Get-Password @PSBoundParameters
            }
        }
    }

     

    Zigabyte Corp.
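
The check the question asks for (use the Fine-Grained Password Policy that actually applies to the user) can be sketched as below. This is an added example, not code from either poster or from Quest; it assumes the ActiveDirectory (RSAT) module is available, reuses the character sets from the reply above, and the function names and the `$Floor` default of 8 are hypothetical. Characters are drawn from the system cryptographic RNG.

```powershell
# Added example: function names and the $Floor default are assumptions.
Import-Module ActiveDirectory

$script:Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-SecureIndex([int]$Max) {
    # Uniform integer in [0, $Max) using rejection sampling to avoid modulo bias.
    $buf   = New-Object byte[] 4
    $limit = [uint32]::MaxValue - ([uint32]::MaxValue % $Max)
    do {
        $script:Rng.GetBytes($buf)
        $n = [BitConverter]::ToUInt32($buf, 0)
    } while ($n -ge $limit)
    return [int]($n % $Max)
}

function Get-MinLengthForUser([string]$Identity) {
    # Resultant fine-grained policy for the user; nothing is returned when
    # only the default domain policy applies, so fall back to that.
    $policy = Get-ADUserResultantPasswordPolicy -Identity $Identity
    if (-not $policy) { $policy = Get-ADDefaultDomainPasswordPolicy }
    return $policy.MinPasswordLength
}

function New-PolicyPassword([string]$Identity, [int]$Floor = 8) {
    # Character classes taken from the Get-Password defaults in the reply.
    $classes = 'abcdefghkmnprstuvwxyz', 'ABCDEFGHKLMNPRSTUVWXYZ', '1234567890', '!$%&/()=?*+#_'
    $length  = [Math]::Max((Get-MinLengthForUser $Identity), $Floor)

    # One character from each class satisfies complexity without retry loops.
    $chars = foreach ($c in $classes) { $c[(Get-SecureIndex $c.Length)] }

    # Fill the remainder from the combined set.
    $all = -join $classes
    while ($chars.Count -lt $length) { $chars += $all[(Get-SecureIndex $all.Length)] }

    # Fisher-Yates shuffle so the guaranteed characters are not in fixed positions.
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = Get-SecureIndex ($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    return -join $chars
}

# Constructed usage: 'jdoe' is a placeholder sAMAccountName.
# New-PolicyPassword -Identity 'jdoe'
```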
