
Reset Disclosed Passwords with LSS

Updated: 23 Oct 2007 | 6 comments
Posted by MBHarmon

In our organization we have some very security sensitive managers, one of whom was wholeheartedly for Local Security Solution (LSS). However, he quickly became concerned that passwords, after being disclosed, were opening security holes. While limited to those computers, he was still concerned enough and he has enough pull to have this issue block our full implementation of Local Security Solution. Therefore, it quickly became important to address his issues. Instead of upping our password reset interval for everyone, I came up with the idea of just resetting those passwords that had been disclosed.

After looking through the default LSS reports I found one that almost immediately fit our needs. After ripping it apart I was able to come up with a collection of computers that have had their current Local Security Solution passwords disclosed.

The SQL data for the query is below:

-- Collection query: every computer whose current LSS local password has been disclosed.
-- vLSS_CurrentDisclosedUserPassword lists the currently disclosed passwords; joining it
-- to vComputer on the computer GUID gives the collection membership.
SELECT c.Guid
FROM   dbo.vLSS_CurrentDisclosedUserPassword AS d
       INNER JOIN dbo.vComputer AS c
           ON d.ComputerGuid = c.Guid

After working the collection out it was as easy as setting up a Software Delivery Task (or a Task Server Task) to run the following command line.

"C:\Program Files\Altiris\Altiris Agent\Agents\LocalSecurity\AltirisLSSAgentUtil.exe" /cyclePasswords /sendInventory

All in all it was quite easy, but I thought I'd share to make sure others (especially those like me who might miss the simple things) would be able to get it to work. The collection was the tricky part as the report couldn't translate directly.
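As an added example (not part of the original post), a PowerShell wrapper for the Software Delivery / Task Server step above: it runs the LSS agent utility with the same switches, checks that it actually completed, and records the outcome in the Application event log so each reset of a disclosed password is auditable. It assumes the agent path from the post exists on the client and that the utility returns exit code 0 on success; the event source name is hypothetical.

```powershell
# Added example, not from the original post. Assumptions: the utility path below (taken
# from the post) exists on the client, and AltirisLSSAgentUtil.exe exits with 0 on success.
$lssUtil   = 'C:\Program Files\Altiris\Altiris Agent\Agents\LocalSecurity\AltirisLSSAgentUtil.exe'
$logSource = 'LSS-DisclosedPasswordReset'   # hypothetical event source name

# Register the event source once so results show up in the Application log.
# (Needs local admin rights; Software Delivery tasks normally run as SYSTEM.)
if (-not [System.Diagnostics.EventLog]::SourceExists($logSource)) {
    New-EventLog -LogName Application -Source $logSource
}

if (-not (Test-Path -LiteralPath $lssUtil)) {
    Write-EventLog -LogName Application -Source $logSource -EntryType Error -EventId 1001 `
        -Message "LSS agent utility not found at $lssUtil; disclosed password was NOT cycled."
    exit 2
}

# /cyclePasswords sets a new local password; /sendInventory reports it to the NS so the
# computer drops out of the 'disclosed passwords' collection on the next collection update.
$proc = Start-Process -FilePath $lssUtil -ArgumentList '/cyclePasswords', '/sendInventory' `
        -Wait -PassThru -NoNewWindow

if ($proc.ExitCode -eq 0) {
    Write-EventLog -LogName Application -Source $logSource -EntryType Information -EventId 1000 `
        -Message "Disclosed local password cycled and inventory sent (exit code 0)."
    exit 0
}

Write-EventLog -LogName Application -Source $logSource -EntryType Error -EventId 1002 `
    -Message "AltirisLSSAgentUtil.exe exited with code $($proc.ExitCode); password may still be disclosed."
exit $proc.ExitCode
```

A non-zero exit from the task keeps the computer in the collection, so a failed reset is visible both in the Software Delivery status and in the client's event log.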

Comments

KSchroeder, 23 Oct 2007

Excellent!

Very nice work Skakid! We also set our LSS up with a Notification Policy that emails the primary user of the workstation when the local Admin password has been disclosed. I think it was made into a KB with a rough template. I did another one to email the past 24 hours' disclosures that is kind of handy too.

Thanks,
Kyle
Symantec Trusted Advisor

For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.

MBHarmon, 23 Oct 2007

That's funny I was looking into making something just like that second notification policy you talked about.

The next major step in my tech tip for some admins would be getting that disclosure information back onto your client managing NS in cases where you have Helpdesk Solution on a separate box.

- Matt

msainsbury, 07 Nov 2007

Local Security 6.2 Enhancements

Skakid, good work on this post.

I thought I would share some information on LSS 6.2 in relation to automation for these exact types of scenarios, as a lot of work has been done to really assist/drive automation.

- All LSS actions are natively exposed as Task Server tasks.
- There is a new ability to "Check-out/Check-in" a password (which stops the cycling of the password whilst it's checked out).

Whilst all LSS events today are exposed natively within NS, it is pretty difficult to leverage this as a customer. In LSS 6.2 Task Management integration on all events has been performed so as to enable "workflow". Some examples include:
1. Reminder email to the person who has a password checked out when the cycling of a password fails because of the checkout
2. Initiation of Server tasks when a password is disclosed (such as to send an email to the Primary user of the associated computer)
3. Initiation of Server tasks when a password is checked in (such as to initiate an immediate password cycling on the client)

There is also quite a bit of functionality outside this scope in 6.2. Expect to see LSS 6.2 'hit the street' in Q4.

MBHarmon, 09 Nov 2007

That's nice. I was thinking of working up a Tech Tip to delay the resets, but the functionality you're talking about would definitely be better. No chance of help with the event forwarding in the next version, eh?

- Matt

msainsbury, 11 Nov 2007

Event Forwarding

Just need some clarification in regards to "event forwarding": are you talking about "inventory events" (such as password history) or just plain old "inventory" (such as current password)? The 'events' I referenced above are also 'NS Events' which is also a different kettle of fish.

Any which way I probably don't have any great news: if you are talking about "inventory forwarding", whilst there is a KB article about it for LSS, there really isn't any native NS infrastructure available for Solutions to 'publish' recommended inventory forwarding configuration. This may change in NS7 with the whole new data replication model.

If you are talking about "inventory events" being forwarded, it is not possible in NS6. It was available in NS5.X and is set to return in NS7.

MBHarmon, 12 Nov 2007

Events like the disclosure of a password, but also events like SWD events. I'd like to forward the disclosure history from my Helpdesk server (which is getting my passwords from my managing NS using the article you mention) back to the managing NS.

It sounds like NS7 will be my target for this one.

Thanks for the info.

- Matt