1
Password Requirements?
Question asked by Joshua Parker - 11/5/2014 at 6:12 PM
Answered
I inherited responsibility for our mail server and previously there were no password requirements.  I would like to turn this on and be able to notify any users who do not meet the requirements.  
 
 
 
 
 
 
 
 
 
 
However when I check password policy compliance only 3 users are listed.  My guess is that number should be closer to 300.  How is compliance checked?  Is there a way to force a check if one of the requirements is changed?  I know for a fact that there are far more than 3 users not in compliance for the given domain.

7 Replies

Reply to Thread
1
Employee Replied
Employee Post
Hi Joshua,
 
When testing in version 13.0, I see that the Password Policy Compliance list is automatically and immediately updated when I change the password requirements. I believe this should function the same way in older versions as well. Which version are you currently running? 
 
One thing you might do to test out whether this is working correctly in your version is change your Minimum Password Length to something very large, such as 25. Click Save, go back to the Manage section and make sure you click the Password Policy Compliance button in the navigation pane again (this will refresh the list). You could also go a step further and create a test user with a password that does not meet the requirements (you'll be able to do this if you're logged in as the System Admin, as password requirements do not apply to Sys Admins). Then check back on the compliancy list to see if that user is listed. 
 
I would suspect that increasing the password length to that high of a value would show a large jump in non-compliant users. It did for me when testing it out. Please let me know what you find. If there is no change in the number of non-compliant users I would recommend opening a support ticket so we can look into this more for you as this is not expected behavior.
 
As a side note, in the latest major release, SmarterMail 13.0, we added new password policy features that you may be interested in. Version 13.x now includes the ability to set a password expiration, notify users when their password needs to be updated, and disable outgoing SMTP for users in violation. 
0
Joshua Parker Replied
I am running 12.2.5283 currently. When I changed the password length to 35 the number did jump to 82 but should have jumped to include all users as I am sure no one has a password of that length. I will be updating to SM13 soon so I will wait to see if that solves the issue before opening a ticket. Thanks for the reply.
0
Steve Reid Replied
Do you have any users authenticating through AD?
0
Joshua Parker Replied
I do not.
0
Employee Replied
Employee Post Marked As Answer
Joshua,
 
On any of the those accounts that are not showing up on the list, do you have the option "Disable password changes" enabled?  Any accounts with that option set will not be shown as violating password requirements for the fact they can't change the password anyway.
0
Joshua Parker Replied
I will check on this and see. I know initially we had disabled password changes but have since changed that policy. I will attempt to propagate the setting to all users and see if that changes anything.
0
Joshua Parker Replied
Sorry for the delay in updating this. I see the issue is indeed that Disable password changes is set for a large number of users. My issue now is that the propagate settings does not seem to change this when I attempt to push it to all users.

Reply to Thread