Enzoic for Active Directory v3.2
The Settings page of the Enzoic Console allows you to modify settings that aren’t specific to a monitoring policy, such as the local DC’s proxy server settings, your organization’s Custom Password Dictionary, Administrative Notification settings, Enzoic Client settings, the DC used as the Delegate Server, and the 1-click NIST Compliance feature.
Network Settings Tab
This tab contains settings for the password change check timeout and the local DC’s proxy server settings.
- Password Check Timeout This setting controls the timeout when making calls to the Enzoic API during user password change operations. If this timeout is exceeded while waiting for a response from the Enzoic API, the operation will fail and the password change will be allowed through.
- Proxy Server Settings These are the proxy server settings in use for the DC that you are running the console on. Proxy server settings are stored locally to each DC and must be edited from the local Enzoic Console on that system.
Custom Password Dictionary Tab
The Custom Password Dictionary allows you to add words or terms you wish to block from inclusion in user passwords. These can be words specific to your business or your location, e.g. local sports teams, your city name, etc. If a user password contains one of these words, it will be rejected.
Admin Notifications Tab
This is the list of Administrator email addresses to be notified for administrative events. These events include:
- Detection of new user password compromise
- Summary of all users’ compromise status
- Alert about any service operation errors
An optional Periodic Summary report is also available that can be sent to the administrators in the list, if selected here. This report can be sent Daily, Weekly or Monthly. The Periodic Summary contains a digest of the activity for the time period covered: users with compromised passwords, users with compromised credentials, remediation actions being taken and their current status, etc.
Client Settings Tab
These are settings specific to the Enzoic Client, which is installed on user Windows systems. The Enzoic Client provides additional information to users on the Windows password change screen, including what the policy requirements are for a new password and the reasons a password was rejected. For more information on deploying the Enzoic Client, see Client Setup. The settings on this page control the following:
- Disable Enzoic Password Credential Provider This can be used as a bailout if for some reason a problem with the Enzoic Client is blocking a user from being able to sign into their system. Checking this allows you to temporarily disable the Enzoic Clients throughout this domain.
- Disable System Password Credential Provider This setting instructs the Enzoic Client to disable the default Windows system credential provider. This is a necessary step for the Enzoic provider to work properly and is generally recommended to leave on. If you have a 3rd party credential provider installed on Windows clients in your organization, you might want to disable this setting in order to disable the other credential providers in a different way.
Other Settings Tab
This page is where the 1-click NIST Compliance feature can be enabled or disabled and where you may change the DC currently set as your Delegate Server.
- 1-Click NIST Compliance Enabling this setting will enable a new widget on your Enzoic Console Dashboard, showing you your current NIST 800.63b compliance status. Any settings which are currently out of compliance will be called out there.
- Delegate Server The Delegate Server is the DC in your organization which performs the Password and Credentials Monitoring scans. These scans occur in an evenly spaced out manner over the course of the day and are generally a light workload on the server, but it is recommended to choose a lightly loaded or more powerful DC for this role to avoid introducing any potential performance problems.