Administration Guide › Password Management › Synchronizing Passwords on Endpoints › Passwords on Windows

Passwords on Windows

CA IdentityMinder can intercept the password change of a native Windows account and propagate the new password to a user and all accounts belonging to that user.

When the Password Synchronization Agent detects a password change attempt, the agent intercepts the request and sends it to the Provisioning Server. The Provisioning Server then propagates the new password to the user and other accounts associated with that user.

Password synchronization has the following requirements:

• The Password Synchronization Agent must be installed on the system on which password changes are intercepted.
• The system must be managed as an acquired endpoint.
• The Password Synchronization Agent installed check box must be selected on the acquired Endpoint Settings tab.
• The accounts on the managed systems must be explored and correlated to CA IdentityMinder users.
• The environment must allow password changes to come from endpoint accounts. An administrator with access to the Management Console enables this feature.

Important! Use care in formulating password rules, so that one password applies to all systems. For example, if Windows passwords must be 12 characters, any system that accepts passwords only up to 10 characters will reject the change during synchronization.

The CA IdentityMinder Server is not aware of the password restrictions on the endpoint. When working with endpoint accounts, the password policy should be stricter than the password policy of the endpoints.