Re: Can you override the Password hardening Wizard?

Robert Milanovich · ‎06-21-2004

How can you override the password hardening wizard in 4.0(4)? I know you can change the user's passwords to anything, but the templates seem to get hard-coded by the wizzo.

Hin Lee · ‎06-21-2004

It's not a good thing to do but here it is.

On the left pane under SUBSCRIBERS, select Account Policy. Uncheck "Check against trivial passwords for extra security".

Go back to the subscriber templates, and change "Password for new Windows accounts" to whatever you want.

I have to stress that trivial password is not a good thing.

H. M.

adignan · ‎08-25-2004

Yeah, that is fine for the Windows Password, but after you run this Wizard, you cannot change the Template to allow trivial passwords for the Unity Subscriber account. Anyway at all around this after the Wizard is run?

jhatfield · ‎06-30-2004

When prompted by the CUICA to do this, close out CUICA. Remote the CUICA link from the desktop and startup, then remove the CUICA.tmp folder from the hard drive. This prevents CUICA from launching on startup.

You'll need to run the integration manager manually to perform the PBX integration, but it is a small price to pay. Once the PW hardening sets the passwords you can't override them. At least we have not found a way yet, it must be a registry setting somewhere.

adignan · ‎08-26-2004

Yeah, that is fine for the Windows Password, but after you run this Wizard, you cannot change the Template to allow trivial passwords for the Unity Subscriber account. Anyway at all around this after the Wizard is run?

adignan · ‎08-26-2004

I can understand the need and benefit of the Password Hardening Wizard locking down the initial password for Windows Accounts, but it would be nice to still be able to have a trivial password for the initial Unity password. Any chance of getting around this or changing this in the future.

bbickerstaff · ‎09-09-2004

Has there been a work around for this.

I have had several customers that do not want trival passwords enabled. they want there default password (to setup unity) to be 111 and no exceptions.

after installing 4.04 the only way around this was to use the bulk edit utility and change there passwords to 111. The problem is within the template, if they want to add users going forward they have to re-produce unwanted steps.

Is there a work around?

k6lw · ‎09-09-2004

All my new subscribers receive the same "trivial" password. They are also required to change it to a Non-Trivial one. How we did it.

Log in as Admin.

Go to system and change the password setting to not check for trivial passwords.

Save the changes.

Go to subscriber templates and set the "default" password to any trivial password you want and save it.

Go back to the system password check and reset it to check for trivial passwords, minimum length, etc. and save again.

Now any new subscriber gets the :"trivial" password, but they won't be able to change it to another trivial.

I may have the exact places where to do this messed up as I'm not where I can look at my settings. I hope this is what you are trying to do.

Bottom line is the new user gets a 4-digit password, but they are required to replace it with a minimum 6-digit password, and 123456 won't be accepted.

Lee

Ginger Dillon · ‎09-09-2004

Hi -

Some additional information I experienced:

Unity upgrade from 4.0(3) to 4.0(4) does not enforce the hardened passwords. The upgrade honors your current User Template initial Unity password. However, it is enforced on NEW installs of 4.0(4).

Regards,

Ginger

lindborg · ‎09-10-2004

Hey folks - just trying to get a handle on this. You _should_ be able to change the subscriber templates post install (even on a new install) if you've indicated no trivial PW checks on the PW policy page in the SA. Is that not the case for your sites (my box seems to allow this - it's a new install).

Are you guys running into this bug? http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef48843&Submit=Search

you'd be noticing a pop up error dialog when you went to change the phone PW on the template - which I don't see noted here.

Just looking to get a better feel for what you guys are seeing since I'm not seeing it here.

lindborg · ‎09-10-2004

Actually, looks like the issue you're talking about was already spotted in the release version of 4.0(4) by QA:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef07484&Submit=Search

I'll check to see if this is going to be rolled into an ES or an SR on 4.0(4) (it's currently marked for fix in the 4.0(5) release).

t.polimine · ‎09-17-2004

i have had success for what you are describing. I went into SQL Ent. Manager, open the UnityDB, find the table for Templates, right click - return all rows, and in there you can modify the template password even if the trivial password is enabled.

Tom....

darren.staples · ‎10-17-2004

thanks, that worked

bphelps · ‎09-25-2004

Does anybody see any problems with not completing CUICA? Manual callmanager integration is easy, client doesn't care about hardened passwords so I can skip that. I've done everything else in the CUICA. Can I safetly skip out on the rest, or does it do some cleanup or hidden finalization that is important for Unity to work, or possibly could have ramifications for later?

Kevin Love · ‎11-29-2004

Another way to bypass running the wizard (if you haven't already done so) is to close the CUICA and create a registry key here:

HKEY_Local_Machine\Software\ActiveVoice\CUCA\PasswordWiz

Create a DWORD value called HasCompleted and assign it a hex value of 1. Log off and log back in and when the CUICA runs automatically, the "Set Default Passwords" box will be checked and it will have moved on to the next step. I just tried it (a TAC suggestion) and it seems to have worked like a charm!

All the best!

Kevin