EnVision System Password Change Process Documentation
I know that Professional Services has created a powershell script for this. Not sure if it can be released here or not. I'll ask.
As for how often? That is up to the customer. Usually companies have a policy, so I would think you would adhere to that, specifically for generic/service accounts.
Ok, so I got approval from the PS person who created the script. Keep in mind that there is no support for this script.
Requirements (not documented):
- This script must be run as an account that is configured as an administrator (and Domain Admin) on all systems, including the NAS. This normally means the Administrator account (which is pre-created on the NAS). Contact support to obtain the password for this account on the NAS if you do not know it. This is the only administrator on the NAS by default I believe. I have manually created an administrator account on all servers and given it admin rights and the same password (like the other accounts require)
- This script requires Powershell to be installed on an enVision server. I run this from the D-srv normally. Not sure if that is a requirement or not.
- The winSSHD functionality does not work by default with this script. You are welcome to tweak the code as you need.
I will post my customized version next.
enVision is just a set of Windows servers. If you use the script, it should work just fine. That said - you should already have all the passwords known (documented somewhere) so you can undo any issues.
It's not going to fail catastrophically to a point where only a system restore will fix it - you just have to correct the passwords and restart the services.
But if your server admins are scared of server changes, then I probably can't help you.
You can follow the steps in RSA enVision Hardware Setup and Maintenance Guide (page 69).
You need change in all appliance (D-Srv, A-Srv, LCn, RCn) and update the nic_sftp and nic_sshd cache password in the WindSSHD control panel