Yes, but not by default. Enzoic can be set up to screen passwords that are changed by administrators through Active Directory Users and Computers and via the Command Line. If you would like Enzoic to start screening password resets performed by administrators, see the instructions below:
- Open the Enzoic console and navigate to the Monitored Entities tab.
- Select the policy you wish to change.
- Click on the Password Changes tab.
- Check the box for 'Screen password resets performed by administrators'.
- Update the configuration.
Once done, admins that attempt to reset passwords through Active Directory Users and Computers with something that violates the policy settings or is compromised will receive the following message:
A few other related FAQs
1. If we have multiple policies, do all of the policies need to have this setting checked? Yes. Each policy acts independently from each other. This setting needs to be checked on every policy you wish to enforce this on.
2. Are passwords changed this way just screened against the backend for compromises? No, this is a full screen against the backend and against the policy that the user is in.
3. What if our admins are struggling to reset a user's password? As a workaround uncheck the setting and update the configuration. However, if this occurs often, you may want to reevaluate the password policy settings. Since this is the same screening process that your users are going through, if your admins are struggling to set a password, then your users most likely are as well.