Managing passwords (Windows)
You can manage the network security of backups in two ways:
• Associate specific backups to designated users.
• Rotate the password of the designated users on demand or automatically.
You can manage the list of users that have their passwords randomized. Once a password is rotated, no one will know what it is. This means the only way you can use this user name is by applying it to a backup through this feature.
IMPORTANT: When password rotation is applied to a user account, the account cannot be used to log on or as credentials on your network until an administrator manually resets the password in the computer management console of Windows.
When prompted, the DS-Client service changes the Windows password of the specified network user or computer user. When automatic password rotation is enabled, the DS-Client randomly selects a new password for the specified user at a frequency and within the constraints that you define in a rotation rule.
When password management is used, you must manage backups in the Password Management dialog box. You cannot use the Backup Set Properties dialog box because the password has changed.
NOTE: This procedure describes the pages in the Create User Wizard, which correspond to the tabs in the Modify User dialog box.
To manage passwords:
1. On the Setup menu, click Password Rotation.
2. In the Password Management dialog box, do one of the following:
• To add a user to the password management list, click Add.
• To modify a user in the password management list, select the user, and then click Edit.
NOTE: To delete a user from the password management list, select the user, and then click Remove. You cannot remove a user who is associated with a backup. You must remove the backup associations first.
3. On the Enter User Information page, do the following:
a) In the User Name box, type the user account from a computer or domain.
b) In the User From box, type the corresponding computer or domain where the user account is located.
c) In the Password box, type the current password for the user.
NOTE: The current password is required when adding a user account for the first time to enable the randomization.
d) In the Notes box, type any information about the user account.
e) Click Next.
4. On the Select Password Rotation Rule page, do the following:
a) To enable automatic password rotation, select the Enable Automatic Password Rotation check box.
NOTE: If you do not enable automatic password rotation, you must manually rotate the password for the user.
b) In the Available Password Rotation Rules dialog box, do the following:
• To add or modify a password rotation rule, click New or Edit. Type a name for the rule and define the length constraints for the password. To define a complexity rule, click Add. Select the minimum number of characters and the character set that must be included, and then click OK. To remove a rule, select the rule, and then click Remove.
• To apply an existing password rotation rule, select the rule, and then click Select.
c) In the Rotation Rule box, select the password rotation rule you want to apply to the user account.
d) In the Rotation Frequency box, enter the frequency at which the corresponding user account password is randomized.
e) Click Next.
5. On the Select Associated Backup Sets page, do the following:
a) Click Select.
b) Select the backups that you want to associate with the user, and then click OK.
NOTE: This will overwrite the Connect As setting in the Backup Set Properties for all selected backups.
c) Click Finish.
6. To rotate the selected user’s password immediately, click Rotate Now.
7. To update the list of passwords, click Refresh.
8. Click Close.