#=============================================================
# EXE/ID: accounts.google.com
# Name: Gmail
# Type: Web
# Version: 1
# Created By: Fred Patterson NetIQ Consulting
# Purpose: web script example of password policy enforcement, random password generation, and automated password change to a random password after 45 days
#
#
# example of password complexity: 7aP\x@omhAJ<yUpd_R-p4fX;I1
# To use the script you need a credential called "pwdchangeTime" with the MS time format. Example 1409007708.
# Default is to change the password every 45 days. The example time format listed above would set the password to be expired on the initial login.
# password policy needs to be created and called gmailPwdPolicy
#
# Thoroughly test script across a handful of workstations prior to deploying to a large number of users. No substantial testing was performed with this script. NetIQ support and consulting are in no way liable for the use of this script.
# This script is to be used as a guide in building out a solution.
#=============================================================
###########################################################
## BeginSection: "Evaluate Password age" -- Custom script
## Site line: We are specifying that the site has to be mail.google.com/mail. As most people use their mail frequently, this is a good page to check password age as it would be hit often.
## MatchURL line: matches any URL that contains mail.google.com.
##
## We use the Subtract and divide commands to calculate how many days since the password was last changed. The value 86400 is the number of seconds in a day.
## ?CurrTime(System) is getting the number of seconds since 1970, based on MS Windows time parameters. This should work regardless of the directory being used to store data.
## If it has been more than 45 days, we will direct the user to the change password site
###########################################################
Site "mail.google.com/mail" -initial
MatchURL -regex "mail.google.com"
Set ?changetime $pwdchangeTime
Set ?current ?CurrTime(system)
Subtract ?Current ?changetime ?timea
Divide ?timea 86400 ?timeb
# Uncomment the MessageBox line below to see the values of the variables
#MessageBox current time: ?Current ---- password change time: ?changetime ----- timea: ?timea ----- timeb: ?timeb
If ?timeb Gt 45
ClearSite Gmail
GoToURL "https://accounts.google.com/b/0/EditPasswd"
EndIf
EndScript
##########################################################
## BeginSection: "Change Password" --Custom Script
## RestrictVariable command allows for the password to conform to the password policy. When a user initially sets their password on first login, they
## don't have to meet the complexity. However, if the stored pwdchangeTime value is already more than 45 days old, it will force the random password change immediately
##
## For troubleshooting purposes we allow for the LastPasswordChangeTime to be available so that it can easily be read as to what date the password was last changed
## After the password change is completed, we redirect them to their mail so that they will not attempt to change their password. If they go to the accounts password page to manually change their password, the script will detect this and automatically direct them to and automatically change their password again.
##########################################################
Site "accounts.google.com/b/0/EditPasswd"
MatchURL -regex "accounts.google.com/b/0/EditPasswd"
## Modify the below MessageBox line to have it conform to your policies and guidelines.
MessageBox "Only corporate gmail accounts can be accessed from this computer. The System is changing the Password for gmail to a random password. Do not interfere in this process or it may lead to you not being able to login. The single sign on software will automatically log you in to the gmail system upon successful authentication"
RestrictVariable $Passwordnew gmailPwdPolicy
Set $PasswordBackup $Password
Type $Password #1
ChangePassword $Passwordnew Random
Type $Passwordnew #2
Type $Passwordnew #3
Submit
Set $Password $Passwordnew
Set $pwdchangeTime ?CurrTime(system)
ConvertTime ?CurrTime(system) ?LastPwdChangeTime
Set $LastPwdChangeTime ?LastPwdChangeTime
GoToURL "https://mail.google.com/mail"
MessageBox "The password change is complete. Thank you, you may continue accessing your mail"
endsite
#=============================================================
# EXE/ID: accounts.google.com
# Name: Gmail
# Type: Web
# Version: 1
# Created By: Fred Patterson NetIQ Consulting
# Purpose: web script example showing password policy enforcement, random password generation, and automated password change to a random password after 45 days
#
#
# example of password complexity: 7aP\x@omhAJ<yUpd_R-p4fX;I1
# To use the script you need a credential called "pwdchangeTime" with the MS time format. Example 1409007708.
# Default is to change the password every 45 days. The example time format listed above would set the password to be expired on the initial login.
# password policy needs to be created and called gmailPwdPolicy
#
# Before deploying to production or to a large number of users, thoroughly test the script across several pilot and lab workstations.
# This script is to be used as a guide in building out a solution.
#=============================================================
## BeginSection: "Login Form" --- default from Web Wizard
Site "Gmail" -initial
DebugPrint "Conducting Match on login form Gmail"
MatchForm #1 -name ""
MatchField #1:17 -type "email" -name "Email"
DebugPrint "Matched Field 'Email'"
MatchField #1:18 -type "password" -name "Passwd"
DebugPrint "Matched Field 'Passwd'"
MatchField #1:19 -type "submit" -name "signIn"
DebugPrint "Matched Field 'signIn'"
EndSite
DebugPrint "Successfully matched login form Gmail"
SetPrompt "Email"
FocusInput #1:17
TextInput #1:17 -value "$username"
DebugPrint "Performed entry action TextInput $username into control id#1:17"
SetPrompt "Password"
FocusInput #1:18
TextInput #1:18 -value "$password"
DebugPrint "Performed entry action TextInput of the password variable into control id#1:18"
SetPrompt "Please edit your login variables."
FocusInput #1:19
PressInput #1:19
DebugPrint "PressInput action performed"
EndScript
## EndSection: "Login Form"
## BeginSection: "Login Form" --- default from web wizard
Site "Gmail" -recent 5000
DebugPrint "Conducting Match on login form Gmail"
MatchForm #1 -name ""
MatchField #1:17 -type "email" -name "Email"
DebugPrint "Matched Field 'Email'"
MatchField #1:18 -type "password" -name "Passwd"
DebugPrint "Matched Field 'Passwd'"
MatchField #1:19 -type "submit" -name "signIn"
DebugPrint "Matched Field 'signIn'"
EndSite
DebugPrint "Successfully matched login form Gmail"
if -exists $username
Displayvariables $username $password
Endif
SetPrompt "Email"
FocusInput #1:17
TextInput #1:17 -value "$username"
DebugPrint "Performed entry action TextInput $username into control id#1:17"
SetPrompt "Password"
FocusInput #1:18
TextInput #1:18 -value "$password"
DebugPrint "Performed entry action TextInput of the password variable into control id#1:18"
SetPrompt "Please edit your login variables."
FocusInput #1:19
PressInput #1:19
DebugPrint "PressInput action performed"
EndScript
## EndSection: "Login Form"
## BeginSection: "Login Form" --- default from web wizard
Site "Gmail" -subsequent
DebugPrint "Conducting Match on login form Gmail"
MatchForm #1 -name ""
MatchField #1:17 -type "email" -name "Email"
DebugPrint "Matched Field 'Email'"
MatchField #1:18 -type "password" -name "Passwd"
DebugPrint "Matched Field 'Passwd'"
MatchField #1:19 -type "submit" -name "signIn"
DebugPrint "Matched Field 'signIn'"
EndSite
DebugPrint "Successfully matched login form Gmail"
MessageBox "Do you wish to re-login?" -YesNo ?Result -DefaultNo
If ?Result Eq "No"
EndScript
EndIf
SetPrompt "Email"
FocusInput #1:17
TextInput #1:17 -value "$username"
DebugPrint "Performed entry action TextInput $username into control id#1:17"
SetPrompt "Password"
FocusInput #1:18
TextInput #1:18 -value "$password"
DebugPrint "Performed entry action TextInput of the password variable into control id#1:18"
SetPrompt "Please edit your login variables."
FocusInput #1:19
PressInput #1:19
DebugPrint "PressInput action performed"
EndScript
## EndSection: "Login Form"
###########################################################
## BeginSection: "Evaluate Password age" -- Custom script
## Site line: We are specifying that the site has to be mail.google.com/mail. As most people use their mail frequently, this is a good page to check password age.
## MatchURL line: matches any URL that contains mail.google.com.
##
## We use the Subtract and divide commands to calculate how many days since the password was last changed. The value 86400 is the number of seconds in a day.
## ?CurrTime(System) is getting the number of seconds since 1970, based on MS Windows time parameters
## If it has been more than 45 days, we will direct the user to the change password site
###########################################################
Site "mail.google.com/mail" -initial
MatchURL -regex "mail.google.com"
Set ?changetime $pwdchangeTime
Set ?current ?CurrTime(system)
Subtract ?Current ?changetime ?timea
Divide ?timea 86400 ?timeb
# Uncomment the MessageBox line below to see the values of the variables
#MessageBox current time: ?Current ---- password change time: ?changetime ----- timea: ?timea ----- timeb: ?timeb
If ?timeb Gt 45
ClearSite Gmail
GoToURL "https://accounts.google.com/b/0/EditPasswd"
EndIf
EndScript
##########################################################
## BeginSection: "Change Password" --Custom Script
## RestrictVariable command allows for the password to conform to the password policy. When a user initially sets their password on first login, they
## don't have to meet the complexity. However, if the stored pwdchangeTime value is already more than 45 days old, it will force the random password change immediately
##
## For troubleshooting purposes we allow for the LastPasswordChangeTime to be available so that it can easily be read as to what date the password was last changed
## After the password change is completed, we redirect them to their mail so that they will not attempt to change their password. If they go to the accounts password
## page to manually change their password, the script will detect this and automatically direct them to and automatically change their password again.
##########################################################
Site "accounts.google.com/b/0/EditPasswd"
MatchURL -regex "accounts.google.com/b/0/EditPasswd"
## Modify the below MessageBox line to have it conform to your policies and guidelines.
MessageBox "Only corporate gmail accounts can be accessed from this computer. The System is changing the Password for gmail to a random password. Do not interfere in this process or it may lead to you not being able to login. The single sign on software will automatically log you in to the gmail system upon successful authentication"
RestrictVariable $Passwordnew gmailPwdPolicy
Set $PasswordBackup $Password
Type $Password #1
ChangePassword $Passwordnew Random
Type $Passwordnew #2
Type $Passwordnew #3
Submit
Set $Password $Passwordnew
Set $pwdchangeTime ?CurrTime(system)
ConvertTime ?CurrTime(system) ?LastPwdChangeTime
Set $LastPwdChangeTime ?LastPwdChangeTime
GoToURL "https://mail.google.com/mail"
MessageBox "The password change is complete. Thank you, you may continue accessing your mail"
endsite
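
The age check in the "Evaluate Password age" section depends entirely on the value stored in pwdchangeTime, so it is worth reviewing seed values before rollout. The following is an added example, not part of the original script or of NetIQ's tooling: it mirrors the Subtract/Divide/Gt 45 logic in Python, flags values that would never trigger a rotation, and computes a seed for a chosen first-change date. Function names, the fixed NOW value and the sample credentials are constructed, and whole-day (truncating) division is an assumption about how Divide behaves.

```python
# Added example (not from the original script): review pwdchangeTime values
# against the same arithmetic the script uses. Sample data is constructed.

SECONDS_PER_DAY = 86400   # same constant the script divides by
MAX_AGE_DAYS = 45         # same threshold as "If ?timeb Gt 45"


def password_age_days(change_time, now):
    """Subtract then Divide, as in the script (whole days assumed)."""
    return (now - change_time) // SECONDS_PER_DAY


def classify(raw_value, now):
    """Return (status, age_days) for one stored pwdchangeTime value."""
    try:
        change_time = int(str(raw_value).strip())
    except ValueError:
        return ("invalid", None)      # non-numeric: the age check is meaningless
    if change_time <= 0:
        return ("invalid", None)
    age = password_age_days(change_time, now)
    if change_time > now:
        # Future timestamp gives a negative age, so "Gt 45" stays false and
        # rotation is silently postponed until the clock catches up.
        return ("future", age)
    return ("expired" if age > MAX_AGE_DAYS else "ok", age)


def seed_value(now, days_until_first_change):
    """pwdchangeTime to store so the first forced change occurs in N days."""
    return now - (MAX_AGE_DAYS + 1 - days_until_first_change) * SECONDS_PER_DAY


def audit(credentials, now):
    """Map each user to its classification; credentials is {user: raw value}."""
    return {user: classify(value, now) for user, value in credentials.items()}


if __name__ == "__main__":
    NOW = 1700000000  # constructed fixed clock so the output is reproducible
    sample = {        # constructed credential values
        "alice": "1409007708",             # the example value from the header
        "bob": str(NOW - 10 * SECONDS_PER_DAY),
        "carol": str(NOW + 30 * SECONDS_PER_DAY),
        "dave": "not-set",
    }
    for user, result in audit(sample, NOW).items():
        print(user, result)
    print("seed for first change in 7 days:", seed_value(NOW, 7))
```

Values reported as "future" or "invalid" are the ones to correct before deployment, since the script's 45-day check will not fire for them as intended.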