Contact us at 408.675.5020 or sales@identitymaestro.com

Home Page

Knowledge Base Search     Advanced

Fix: User can still login to Identity Maestro after user password is Reset in Manage or in Self-Service

Article ID: 1739
Last updated: 14 Aug, 2018

Background

It is possible to use both a new and old password to login to Identity Maestro. This is caused by a setting on the domain controller that allows for the old password to be used for authentification after a password reset occurs.

Note: This only affects the Identity Maestro client, users must use the new password to authenticate into workstations or other resources that have been updated during the password reset.

Problem

This problem occurs when the domain controller is configured to allow the usage of the old password after a password reset occurs. This is likely set so that if a password change occurs but hasn't fully propagated administrators will still be able to log into the server.

Resolution

This issue can be resolved by modifying the network NTLM settings on the domain controller where the passwords are being reset. This is done by directly modifying the Machine Registry Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.

  1. Open the Registry Editor.
  2. Locate and click the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa subkey.
  3. Click Edit > New > DWORD Value


     
  4. Type OldPasswordAllowedPeriod as the name of the new DWORD and press enter.
  5. Right-click OldPasswordAllowedPeriod and click Modify.


     
  6. Enter the value in minutes that you want to use before the old password expires and click OK.
    Note: To disable the old password leave the value as 0.


     
  7. Close the Registry Editor, the change will not require a restart in order to take effect.
This article was:   Helpful | Not helpful Report an issue


Article ID: 1739
Last updated: 14 Aug, 2018
Revision: 4
Views: 96
Comments: 0
print  Print email  Email to friend share  Share pool  Add to pool comment  Add comment
Also listed in
folder Identity Maestro -> How-to, Tips & Tricks, FAQ -> Admin: Troubleshooting
folder Identity Maestro -> How-to, Tips & Tricks, FAQ -> Manage: How-to

Prev     Next
Configure IIS to Improve the Default Website Performance       Admin: Troubleshooting