Jamf Nation Community

craig_george · ‎04-23-2013

When deploying Sophos Safeguard with SSO (ticking auto login), how will a user know when their AD password is about to expire. My users are notified 10 days out from the 60 day password policy in AD. This notification appears on the logon screen but if you are using Safeguard to auto login via SSO how will a user know when their password needs to be changed.

Trying to avoid the headache of just letting passwords expire you know what happens with Keychain when that happens.

mm2270 · ‎04-23-2013

I'm not familiar with SafeGuard with SSO, so can't say for sure but it sounds similar to how FV2 works in that the users don't get the usual login username and password screen, but instead log directly into their account after unlocking. If so, perhaps some of the existing tools out there, like ADPassMon might help your users out. (http://yourmacguy.wordpress.com/adpassmon/)

Short of that, you could probably script something that would determine password expiration and if within a certain number of days, display a message to the user. Since its still all AD based, I assume the user's password details are stored in the same location in AD. For example, last password change is in an attribute called "dsAttrTypeNative:pwdLastSet" If so, you can likely create a script to notify users. There are threads on here that discuss the details of making that work.

craig_george · ‎04-23-2013

Yeah I looked at ADPassMon in the past but as a large enterprise I don't always like going with some 3rd party non-signed product but in this case its either Encryption with SSO or not SSO.. I will try SSO and see how ADPassMon works thanks.

tkimpton · ‎04-23-2013

We use Sophos SafeGuard and I tried ADPassMon but didn't work well for me and confused users with the opened dialog box.

We use Password Reminder Pro by sysoptools to send alert emails to all our users.

I like Mikes idea with a pop up notice.

Jamf Nation Community

Sophos Safeguard w/SSO + AD Password expiration notification