HIPAA compliance deals with the set of principles that help healthcare organizations devise policy and means to protect electronic healthcare records of patients. It provides federal protection of individually identifiable health information. Therefore, any and all organizations that have to deal with personal health information (PHI), i.e. if they either store, process or transmit such information, will have to comply with Health Insurance Portability and Accountability Act and protect all such data. However, HIPAA doesn’t endorse any particular technology or tool for protecting PHI. If your organization deals with any such data, you need to ensure this compliance with due diligence to avoid financial penalties. 

On a general note, these are the few points that you need to take care to avoid HIPAA failure:

     • Formulate a separate stricter security policy for the resources and the infrastructure that deal with PHI
    • Monitor all the User activities and try to figure out the loop holes that can lead to unauthorized access.
    • Conduct regular risk assessment to find out the vulnerable points in your IT infrastructure.
   • At the end-user level, all employees need to be made aware of the HIPAA guidelines and its importance
       to prevent security breach on account of lackadaisical approach on their part.
    • Employees need to update their latest information in the Active Directory to prevent misuse of their old
      contact information.

If we analyze Windows security in the light of these points, we find that there are some loopholes in the Windows security which can be taken advantage of by malicious Users. As we can see here, the most important point is to ensure security of the data which can be achieved by ensuring security of the Windows network. As per the scope of the article, let’s see how Active Directory self-service tools can be helpful in ensuring HIPAA compliance.

     • Active Directory self-service tools allow end users to update their current personal information to get
        any alert or update at their current contact address.
     • Administrators can devise very strict Account unlock and Password expiry/reset policies to prevent
        credential theft and unauthorized access.
     • They generate many informative reports such as locked out users, users with expired password, time
        since the Users reset their password and many others which help administrators to get the actual status
       of the User Account.
     • They also provide a centralized notification service to guide end users to strictly adhere to the security
        policy devised to ensure HIPAA compliance.

Most of the Active Directory self-service software come with these features that can go a long way in ensuring HIPAA compliance; for example, you can download and try Lepide Active Directory Self Service ( http://www.lepide.com/active-directory-self-service/ ) to meet HIPAA requirements along with other AD self-service features.

Self-Service Password Reset solution is a technology which enables domain users to unlock their account password by themselves, often authenticating with an alternate procedure, instead of seeking assistance from IT helpdesk. Such solutions, found a dime a dozen these days, mostly function the same way. Here’s a typical scenario:

A user forgets his account login password; now instead of calling at helpdesk or raising an IT ticket, he directly resets his password on his own by answering the preset security questions linked with his account password settings through a browser. Since, this process is typically web-based; a user must launch a web browser to fix the problem and for that he/she needs to access a system—but ironically the user actually cannot log in to his workstation until the problem is solved.

That’s a classic paradoxical situation. Thus, a big hurdle faced by organizations is enabling users to access a workstation if they forgot their primary password. There are a few ways to address this Catch-22. “A catch-22 is a situation in which someone is in need of something that can only be had (sic) by not being in need of it”, as explained in Wikipedia. This term was originally coined by Joseph Heller in his 1961 satirical novel Catch-22.

What are the alternatives?

The first option is to use a coworker’s workstation. The user who has forgotten his password can request his colleague to allow access to his system, open a browser and reset his password using his client portal. But this is a risky business as ideally a user is designated to access only his workstation. A potential intruder may take advantage of this situation and get along with a lot of unethical information if the actual user is physically absent or oblivious to his intentions.

Another solution is vouching upon the coworker instead of actually performing it on his/her workstation. Users need to authorize coworkers in advance as who can reset their account password on their behalf. This can typically help in a situation where a user who is physically away from the corporate network and forgot his PC's login password, an authorized co-worker can resolve the issue. However, in this scenario, the problem lies in determining which users should have the ability to authorize whom. Along with, the traditional method of calling at helpdesk alternative always remains but doesn’t that fail the whole self password reset paradigm.

So, what can be an ideal solution?

An ideal solution would be allowing users to tackle the workstation availability paradox without choosing alternate options. A relatively better option is to let users reset their password directly from their logon screen itself, typically the ALT+CTRL+DEL screen. Users are presented with a restricted web browser at their login screen with the only possibility to reset his password without logging into the system.

Lepide Active Directory Self-Service uses this advanced technology to allow users to not look further and easily perform password reset and account unlock activity from their logon screen itself. Users can also update their Active Directory attributes through their client portal. Since, this kind of technology directly allows access to computer resources, precisely a web browser, to reset passwords without first authenticating to the computer; security must be of high priority.

To see how Lepide Active Directory Self Service performs and ensures complete security while performing self-service activities, visit http://www.lepide.com/active-directory-self-service/

Active Directory consists in itself thousands of users and domains. It serves as a security guard against the catastrophic elements that might harm the information system of the organization. A user needs a username as well as a password for logging into any computer on the Active Directory Domain. In case the user forgets the login details the Active Directory cannot be accessed by him/her. However, forgetting the passwords of accounts or Active Directory is a common issue encountered by every second person. 

But not to worry, there are solutions available to reset Active Directory password. Manually there are two ways that can be used to reset a user password:

  1. With the help of Windows interface:
  2. Step 1: Double click on Active Directory Users and Computers
    Step 2: Now, click on the user account within the console tree
    Step 3: Within the details pane, right-click on the user whose password needs to be changed and then select Reset password
    Step 4: Type the new password and confirm. Tick the checkbox User must change password at next logon if you want the user to change password at the next logon process as well
  3. With the help of a command Line:
  4. Step 1: Click Start -> Run and type cmd in the text box. Then click OK
    Step 2: In command prompt, type dsmod userUserDN-pwdNewPassword
    Note: UserDN is the unique name of the user for which a password will be assigned or reset and NewPassword is the password which is assigned in place of the current password
    Step 3: If the user needs to change password at next logon process as well then type:
dsmod userUserDN-mustchpwd{yes|no}

The aforementioned are the manual ways of resetting the Active directory passwords within the Windows OS. Apart from these native methods, there are other simpler ways of changing/resetting the password as well i.e. with the help of a commercial tool such as Lepide Active Directory Self Service software which is dedicated for this purpose. It enables the user to instantly set the new password without taking any permissions or help from the administrator. To reset a new password, the software asks the user to enter ‘New Username’, ‘New Password’ and ‘Confirm Password’. After providing these

Let’s consider a real life practical working scenario wherein when you try to reset passwords on an account using the Active Directory Users and Computers Snap-in, you completely fail to do so and get the following error message instead:

Windows cannot complete the password change for Userx because:The password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements.”
Now that we have come to know the error message, let’s discuss the primary cause behind the occurrence of the above mentioned error message.
As a matter of fact, there can be many reasons behind the occurrence of the aforementioned error message. Some of them are as follows:
  • According to the password length policy, your password is quite short
  • Your chosen password is been used more than the number of times specified by the password history
  • There is no capital letter and number in your password
  • Either your password policy is being applied but not defined
  • Too restrictive domain security password policy
Now let’s come to the resolution part.
In order to verify and set the password policy settings, perform the below mentioned following steps:
  1. Start the Active Directory Users and Computers snap-in.
  2. Right click the name of the domain.
  3. Click the Properties.
  4. Click the Group Policy tab.
  5. Click the Default Domain Policy.
  6. Click the Edit button.
    The Group Policy Editor starts.

  7. Click Computer Configuration -> Windows Settings -> Account Policies -> Password Policy.
  8. Check the below mentioned settings:
    Minimum Password Length, Password History, Password Complexity
  9. Click the Ok button.
  10. Quit the Group Policy Editor.
  11. Quit the Active Directory Users and Computers snap-in.
Although, you can verify and set the password policy settings using the aforementioned steps, a far better option is to use a professional and proficient third party Employee self service portal tool to reset your account password.

Lepide Active Directory Self Service is a professional and efficient Employee self service portal tool that is devised to enable users easily reset their account passwords without any help from the system administrator. 

Local Users and groups management is a part of computer management in an organization where with the help of certain tools, an administrator can manage a single local or remote computer. As an administrator, you can use Local Users and Groups to securely manage user accounts and groups stored locally on your computer. A local user or group account can be utilized for assigning permissions and rights on a particular computer only. 

Managing local users always offers a lot of benefits; you can always keep a check on their activities and assign them certain permissions or limit their resource usage. Administrative rights enable a user to perform a set of actions using the computer, such as backing up files and folders or shutting down a computer. On the other hand, permission is a rule related to an object (such as file, folder or printer) and helps you regulate the users to have access to the object in required manner. Using your administrative powers you can limit the ability of users and groups to perform certain actions that act against the assigned rights and permission. 

However, you cannot view the Local Users and Groups to view the accounts once the member server has been promoted to a domain controller. But you can utilize the Local users and groups on a domain controller to target remote computers (that are not domain controllers) on the network. There are different Active Directory password reset software applications available in the market that help the users to manage their local accounts on the network and enables them to easily reset the passwords and enable or disable user accounts. 

Lepide Active Directory Self Service software is one such Active Directory password reset tool, using which you can disable local user accounts to temporarily restrict a user from logging in and when you disable the account, the user cannot use policy-protected documents or create or apply policies. Additionally, administrators can enable the disabled user accounts. Resetting password could have never been so easy, simply enter the administrative credentials and reset the password for the account that you want to. All this helps you in saving helpdesk costs and time by resisting downtime.


Without any doubt, today Active Directory is considered as the most important part of any company's infrastructure. If we talk in context of current scenario, the network set-up within an organization is constantly expanding and getting complex. With this expansion of network set-up, managing tasks like updating personal information in Active Directory, password reset or unlock account is getting more complex and time consuming for the administrator. 

Recent studies show that in almost every next organization, the administrator spends almost 30 percent of his time either in resetting employees’ forgotten passwords or unlocking their locked out accounts. Overall, it can be said that IT administrator spends most of his working hours just in resolving these issues. 

For users, it is not always easy to get the password reset or account unlock request fulfilled quickly. There are times when the user has to wait for hours just to get these issues fixed by the administrator. Therefore, to avoid the downtime and productivity loss, the best approach that the user can follow is taking help of a third party active directory self service software. 

Today, there are many self service password reset tools available to provide a platform for AD self service. Choosing a proficient one like Lepide Active Directory Self Service (LADSS) can make things quite easy for the administrator and users as well. It is a secure and web-based Active Directory self service software, which allows user to update personal information in Active Directory, reset password and unlock account. As far as AD users are concerned, with self service facility they will be able to perform these tasks without taking help of the system administrator or help desk personnel. 

Using this active directory self service software, the administrator will be able to automate password reset more successfully. In fact, the tool can make it possible for organizations to reduce the help desk cost and keep the administrator free for major and more important tasks.Read more http://www.lepide.com/self-password-management.html

It’s hard to deny the importance of maintaining or keeping Active Directory information correct and active. This Active Directory is very crucial for organization for many different reasons. Any user can employ Active Directory more like a corporate white pages service in order to regain any piece of information about their co-workers. Besides this, HR management can use the Active Directory information like department, city or state to keep informed about employees' benefit and payroll data, etc. But, to improve the quality of the information stored in Active Directory, it’s important an IT administrator keeps on updating it on a regular basis. 

Now, for administrators keeping Active Directory information current and updated can be a real big challenge. Performing any activity right from account provisioning, enforcement of proper AD security or even ensuring backup and restore capabilities might seem easy, but actually they are very complex processes. But, today with the help of the Self-Service interface program, the IT professional can tackle such unfavorable conditions with ease.

Recent studies show that in a single day, help desk or IT professionals are more involved in normal activities like resetting the expired passwords or unlocking different user accounts. They waste most of their valuable time in handling minor problems. In fact, the time that is involved in making just few changes in Active Directory in a week could easily add up to a lot of time spent each year. But, with an effective Active Directory self-service program, it is very much possible to carry out Active Directory self-service tasks from any location via a standard web browser. 

For IT administrators, no more deployment is required. With Active Directory self-service tool like Lepide Active Directory Self Service tool, all that he requires is just link to the Web Interface and then begin functioning with the employee’s data in Active Directory. The tool allows the administrator send email message to all employees in relation to any issue related to account information update, password reset in just one go.

Also, Active Directory Self-Service offers an all-inclusive reporting to assure compliance. Therefore, with this tool, you as an IT administrator will be capable to measure adoption across the board by having a look at how many users have self-registered. In fact, you can report and analyze trends in password resets and user update changes. What makes this tool more special is, it provides a very interactive GUI and bunch of functionality that simplifies Active Directory management and administration to a great extent. For more information - http://www.lepide.com/self-user-profile-management.html