Adding PWM, a Free Password Reset Tool, to a Windows Network

People asking you to reset their passwords all the time?

Would it lighten your workload to have them reset it themselves with a web-based interface?

Trying to implement a better password policy to break your users out of bad practices?

Well, there’s a Microsoft service that can handle this for you. But there are license costs. And it turns out that it’s actually not even as good as the open source alternative: PWM. This is a very powerful, self-service password reset tool that integrates with your existing MS Active Directory infrastructure using LDAP.

This guide will show you how to configure PWM from start to finish, with SSL cert installation and MySQL database setup included.

I will be using Ubuntu Server 16.04 for this guide. I have tried with 18.04 but with varying degrees of success. It seems that 18.04, at the time of writing this article, has some compatibility issues with some of the packages that get installed in the process.

The official installation instructions are actually pretty good – even a Windows guy like me could figure out most of it. But I got stuck a bit trying to configure the SSL certificates and configuring PWM to use a remote database. Having taken the effort to figure these bits out, I wanted to share what I’d done to make it easier for the next guy 🙂


Making Remote Desktop Connections More Secure

The Remote Desktop Connection features in Microsoft Windows allow staff on the road, all over the world, to access their workstation. The productivity benefits of this are obvious.

The security implications are also obvious. Get this wrong and you are handing over full control of the machine to bad people who will harm you if they can profit from it.

So what’s the right way to go about this?


IP Addressing for a Small Business That Might Grow

The keystone of a well-designed network that can grow is a future-proofed IP addressing scheme.

Central to this are the two main tenets of Consistency and Hierarchy. These are vital to making your network coherent and orderly, and they assist in all manner of troubleshooting and planning issues.

It might be fine for your home network or small business to use a Class C (192.168.1.0) private addressing scheme for right now, and maybe for a while.

In the real world, this tends to be something that doesn’t get changed until it absolutely has to – at which point your network’s already grown to hundreds of devices. That’s large enough that changing the addressing scheme will always be a massive pain in the neck, taking hours upon hours of work and getting in everyone else’s way.

I’ve been a part of IP Addressing scheme changes in the past. It sucks. It takes forever, it’s tedious as hell for the poor saps who have to do it, and expensive for whoever foots the bill. And there are always bound to be things that go wrong and things you miss.

It’s always better to do things right the first time! So why not start with a scheme that can take you all the way from your small suburban office to an underground global headquarters where you torture British spies while patting a white fluffy cat?

Start it off right and you never have to make significant changes to it again.
