Categories Reviews

Review: Specops uReset Active Directory self-service password reset solution

Product homepage and free trial offer: click here

When users forget their passwords or lock themselves out of their accounts, fixing the problem can be both inconvenient and costly. Estimates of how much revenue is lost to password resets vary widely, but Gartner Group estimates that password resets account for 20 to 50 percent of all help desk calls. Similarly, Forrester Research estimates that a single password reset costs about $70 in labor.

The actual cost of a password reset varies from company to company, based on a number of different factors. Regardless of what the actual cost is, however, the bottom line is that there are very real costs associated with every password reset.

Specops Software helps companies reign in these costs with a product called uReset. uReset is designed to work with Specops Authentication, a hosted multifactor authentication platform, and gives users a self-service portal through which they can reset their password or even unlock their account.

Preparation process

Using Specops uReset requires a customer account to be created within the Specops cloud. Because I had previously reviewed another Specops product, I already had an account. As you would probably expect, I had no trouble using my existing Specops account to write this review. Having said that though, it is worth noting that uReset is designed to work in conjunction with Specops Authentication. As such, using my existing account was more than just a convenience, it was a necessity. uReset cannot function without Specops Authentication as it is one of three services that are integrated into the MFA platform.

In case you are wondering, creating the required Specops account is relatively easy and mostly just involves providing information such as the organization’s name and domain name, as well as the primary contact person’s name and email address. This process also requires you to enter a mobile phone number. Upon doing so, Specops sends a numeric code to your phone via text message. This code is then used to complete the account creation process.

Once you have created a customer account, it’s time to begin configuring uReset. Not only is this process completely intuitive, you really don’t have to do much (assuming that you are utilizing one of the other services that utilize Specops Authentication).

One of the nice things about uReset (and Specops Authentication too for that matter) is that it does not force you to abandon your existing group policy settings. When you configure uReset, you can choose between cloud mode, group policy mode, or a combination of both. Cloud mode assigns all users the same rules for resetting passwords, while group policy mode allows different rules to be applied to different users, depending on which group policy applies to them. The combined mode tries to process group policy first but resorts to using cloud policy if no group policy settings are found. You can see what the configuration process looks like in the first screenshot. For this review, I decided to use cloud mode.

Choose which policy mode you wish to use.

The next step in the configuration process is to choose the identity services that you want to leverage. This process is integral to Specops Authentication. If you have not seen it before, then the process probably needs a bit of explaining.

Select the identity services that you want to use in the enrollment and authentication processes.

When a user enrolls into Specops Authentication, they do so by using multiple identity services. For example, a user might provide their Facebook account or their Twitter account credentials during the enrollment process.

Each identity provider is assigned a star rating. For a user to be enrolled, the user must be authenticated using a sufficient number of identity providers to meet the administrator configurable enrollment star requirement.

Similarly, when a user is authenticated into the system, they must authenticate through a sufficient number of identity providers to meet the administrator configurable authentication star requirement. You might have noticed in the screenshot above that more stars are required for enrollment than for authentication. The reason for this is that a user can pick and choose which identity services to use during the authentication process. If for example, a user has lost their cell phone, they can still authenticate without it, simply by selecting other identity services that were registered during the user’s enrollment.

As you look back at the first screenshot shown in this review, you will notice that the uReset interface contains a Notifications tab and a Settings tab. The Notifications tab allows password reset notifications to be generated. The Settings tab, which is shown below, is used to enable or disable the Change Password feature.

Settings tab contains the option to enable the Change Password feature.

End-user experience

Although I usually focus my product reviews on the administrative side of things, uReset is a user-facing tool, so I wanted to take a moment and show you what the end-user experience looks like.

As previously noted, uReset is designed to work in conjunction with Specops Authentication. When an end-user visits the authentification page, they are shown a screen asking if they need a new password, need to recover their key, or need to be enrolled in Specops Authentication. You can see what this screen looks like in the screenshot below. As an alternative, users can access the password reset capabilities independently of the browser by going directly through the Specops Authentication Client, which is accessible from the Windows Start menu.

This is the screen that the end-user sees when they visit the Specops Authentication page.

To take advantage of uReset, the user would click on the New Password button. At this point, the user is taken to a screen presenting several different options. If the user knows their current password and just needs to change it, the user would click the I Know My Password button. Similarly, if the user has forgotten their password, then they would simply click on the I Forgot my Password button.

This is the password screen.

Although self-service password reset capabilities have existed in various products for a number of years, the user interface element that really drew my attention was the My Account is Locked Out button. Typically, once a user has been locked out of their account, they have little choice but to contact the help desk. With uReset however, a user who has been locked out of their account can click on the My Account is Locked Out button, and be taken to a screen that can help them to regain access to their account.

The verdict

It has become customary to conclude my product reviews by giving the product a star rating, ranging from zero to five stars, with five stars being the highest possible score. Based on my evaluation, I chose to give Specops uReset a score of 4.8 stars, which is a Gold Star award.

The main thing that made me decide on this particular score was that I liked that the product was so simple. It does exactly what it is supposed to do, without any needless complexity standing in the way of efficiency.

From the standpoint of the end-user, there is no ambiguity involved in the process of regaining access to their account. The user simply clicks on the appropriate buttons, proves their identity, and is back online in a matter of a couple of minutes.

From an administrative standpoint, uReset integrates seamlessly with Specops Authentication. Assuming that the administrator has already configured Specops Authentication, there is almost nothing additional that the administrator has to do to make uReset work.

Rating 4.8/5

Brien Posey

Brien Posey is a freelance technology author and speaker with over two decades of IT experience. Prior to going freelance, Brien was a CIO for a national chain of hospitals and healthcare facilities. He has also served as a network engineer for the United States Department of Defense at Fort Knox. In addition, Brien has worked as a network administrator for some of the largest insurance companies in America. To date, Brien has received Microsoft’s MVP award numerous times in categories including Windows Server, IIS, Exchange Server, and File Systems / Storage. You can visit Brien’s Website at: www.brienposey.com.

Share
Published by
Brien Posey

Recent Posts

Top 5 startups providing cloud-based multifactor authentication

As cyberattacks grow in number and severity, organizations are embracing multifactor authentication. These startups are leaders in identity protection.

3 hours ago

Why you cannot use an Exchange server name in your SSL certificate

You haven’t been able to use Exchange server names on SSL certificates for some time. Here’s what you can do…

6 hours ago

PowerShell parameters: Controlling the input of your scripts

PowerShell has options to control the input and save code from being validated during execution. This tutorial looks at the…

23 hours ago

AWS unveils Graviton2, a blazing-fast processor to power its cloud

At its re:Invent conference in Las Vegas, AWS had some big news on a new datacenter processor. The Graviton2 has…

1 day ago

Restoring Microsoft Teams data: A step-by-step guide

Restoring Microsoft Teams data is not simple, given the number of places data is stored. Luckily, the addition of private…

1 day ago

Raccoon Stealer malware newest business email compromise attack

A simple yet versatile malware called Raccoon Stealer that bypasses anti-spam filters looks like it is going to be a…

2 days ago