Nexthink Recognized by SIIA as the Best Digital Employee Experience Platform Learn more

Learn more

Learn more

cookie alert

We use cookies to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted advertisements. If you continue to use this site, you consent to our use of cookies.

Nexthink Library

User Login Management

Back

User Login Management

Latest Version: 3.2.1.0
|
Updated on February 28, 2024
Install

Description

This Library pack is a collection of different Remote Action scripts which help troubleshooting common login issues and ensure compliance.Please use the links on the left menu to learn more about the function and range of action of each script.

Versions

  • 3.2.1.0 - 28 Feb 2024 - Updated OS requirements
  • 3.2.0.0 - 22 Jul 2022 - Added support for local users on domain joined computers for "Invoke Proactive Password Reset" Remote Action
  • 3.1.0.0 - 23 May 2022 - Deprecating Python in favour of OSAScript for "Kerberos Password Expiration Reminder" Remote Action
  • 3.0.0.0 - 19 Apr 2022 - Added "Kerberos password expiration reminder" Remote Action
  • 2.4.0.1 - 25 Oct 2021 - Updated campaign urgency and version for "Invoke Proactive Password Reset" Remote Action
  • 2.3.0.1 - 18 Oct 2021 - Improved "Remove Credentials from Credentials Manager" Remote Action by setting "Password reset page" as an optional parameter
  • 2.2.0.1 - 21 Jun 2021 - Minor bugfix and enhancements to the proactive password reset Remote Action
  • 2.2.0.0 - 02 Jun 2021 - Minor bugfix and updated the proactive password reset Remote Action to now support macOS
  • 2.1.2.0 - 02 Jun 2021 - Fixed "Invoke Proactive Password Reset" Remote Action
  • 2.1.1.0 - 31 Mar 2020 - Fixed "Invoke Proactive Password Reset" Remote Action documentation
  • 2.1.0.0 - 23 Mar 2020 - Improved the outputs in "Invoke Proactive Password Reset" Remote Action
  • 2.0.0.0 - 13 Nov 2019 - Added "Remove Credentials From Credential Manager" Remote Action
  • 1.0.1.0 - Bugfix of "Invoke Proactive Password Reset" Remote Action
  • 1.0.0.0 - Initial release

Required Products

Nexthink Act
Nexthink Engage

Platforms

Windows 7 and newer
MacOS Catalina and newer

Compatibility

V6.14 and later

This Might Interest You

Workflow: Windows 11 migration
New

Orchestrate the Windows 11 migration process with automated compatibility checks and pre-to-post migration user engagement.

Released on April 11, 2024
View Library Pack

Workflow: Device assignment verification
New

Orchestrate the verification and update of device assignee information in the ServiceNow Hardware Asset Management database through a dedicated workflow.

Released on April 10, 2024
View Library Pack

Invoke Proactive Password Reset

Script Description

Checks password expiration date and if it is within the time frame provided by the input parameter, runs a campaign to warn the user (providing link to reset the password).

Execution context and suggested scheduling

Run the script as 'interactive user'. The script should be executed manually.

A timeout of 720 seconds is recommended.

Parameters

Label Description
Campaign Id ID of the campaign to notify the user that the password is about to expire and to provide the URL to reset it
Days Until Expiration Number of days left for the password to expire. If expiration date is inside this time frame, the campaign is run
Maximum Delay In Seconds Maximum random delay set to avoid domain controller overload. Provide number of seconds less than 600
Password Expiration Policy In Days Number of days for the password to expire since it is set

Outputs

Label Type Description
Days Until Expiration Int Number of days left until password expiry
Password Never Expires Bool Returns if the user password never expires

Test Scenarios

PasswordIsValid
Test Case Account password is within time range
Environment Windows 7 x86/x64 multiple languages, Windows 10 x64 (1809, 1903)
Results Password verified, no action taken and outputs updated.
PasswordExpiresSoon
Test Case Account password is about to expire
Environment Windows 7 x86/x64 multiple languages, Windows 10 x64 (1809, 1903)
Results Campaign is displayed and outputs updated.
PasswordIsExpired
Test Case Account password is expired
Environment Windows 7 x86/x64 multiple languages, Windows 10 x64 (1809, 1903)
Results Notification sent via execution status and no action taken for the user.
PasswordAboutToExpire
Test Case User password is about to expire
Environment macOS 10.14 EN
Results Success - The user receives a campaign asking to renew their password because it is about to expire
PasswordNotExpiring
Test Case User password age is recent
Environment macOS 10.14 EN
Results Success - No campaign sent to the user because the password is not expiring before the expected number of days

Get Failed Logins

Script Description

Obtains information about all failed login attempts. The script can be successfully executed only on devices with 'Audit Logon Events' policy enabled and Windows 10 or Windows 7 installed.

Execution context and suggested scheduling

Run the script as 'local system'. The script should be executed manually.

A timeout of 720 seconds is recommended.

Parameters

Label Description
Maximum Delay In Seconds Maximum random delay set to avoid overloading server hosting virtual machines. Provide number of seconds less than 600

Outputs

Label Type Description
Failed Logins StringList Information about failed login attempts (user name, event time, logon failure status code, logon type code)
Failed Logins Count Int Number of failed login attempts. It always shows full number of failed logins even when number of displayed events in 'FailedLogins' output parameter has been truncated due to limited output capacity

Restrictions

Further Information

Parameter 'MaximumDelayInSeconds' can be used to add random script execution delay. It should be used on servers hosting virtual machines to spread the number of I/O requests over time.
Microsoft website provides information about logon failure status codes and logon type codes.

Remove Credentials From Credential Manager

Script Description

Removes stored user credentials from Windows Credential Manager.

Execution context and suggested scheduling

Run the script as 'interactive user'. The script should be executed manually.

A timeout of 120 seconds is recommended.

Parameters

Label Description
Campaign Id UID of informative campaign about clearing stored user credentials. Provide empty guid to skip display of the campaign

Outputs

None.

Further Information

This Remote Action uses cmdkey.exe tool to delete the credential.
Credentials containing spaces and hyphens cannot be removed due to a limitation of the tool.
The campaign can be customized to offer the user a website where to reset the password.

Test Scenarios

CampaignDisplayed
Test Case UID of target campaign provided
Environment VM Windows 7 x64 (Multi-language) - VM Windows 10 x86/x64 (Multi-language) (1803/1809/1903)
Results Success - Before execution, informative campaign was displayed. Remote Action completed without user action.
Windows10CredentialManagerEmptied
Test Case Empty guid provided
Environment VM Windows 10 x86/x64 (Multi-language) (1803/1809/1903)
Results Success - Web Credentials and Windows Credentials for current user was emptied.
Windows7WindowsCredentialsEmptied
Test Case Empty guid provided
Environment VM Windows 7 x64 (Multi-language)
Results Success - Windows Credentials for current user was emptied

Kerberos password expiration reminder

Script Description

Checks password expiration date and if it is within the time frame provided by the input parameter, runs a campaign to warn the user (providing a link to reset the password).This script is compatible with devices running Kerberos user management.

Execution context and suggested scheduling

Run the script as 'interactive user'. The script should be executed every 1 day.

A timeout of 120 seconds is recommended.

Parameters

Label Description
Campaign Id ID of the campaign to notify the user that the password is about to expire. This input can be set to empty (-) to avoid notifying the user
Days Until Expiration Number of days left for the password to expire. If expiration date is inside this time frame, the campaign is triggered

Outputs

Label Type Description
Days Until Expiration Int DaysUntilExpiration

Test Scenarios

DeviceIsUsingKerberos
Test Case The target device is using Kerberos and password is about to expire
Environment VM macOS 10.16
Results Success - The user was notified that the password is about to expire
DeviceIsNotUsingKerberos
Test Case The target device is not using Kerberos
Environment VM macOS 10.16
Results Success - The IT admin was informed that the user is not joined to any Kerberos domain/realm