
How to control the "Set Password" feature in user record?

Shantharao
Kilo Sage

Enhance security around user account password resets
How can we set some security around the "Set Password" feature?
We should control and notify specific users when the password change feature is used on the user record:
a) Disabling edit rights to the Password from the user list grid currently available to admins
b) Disabling Set Password to admins on their own account 
c) Sending an SMS to a nominated list of users whenever an admin password is reset via the Set Password feature
Thanks

4 REPLIES

Hemanth M1
Giga Sage

a) Disabling edit rights to the Password from the user list grid currently available to admins

Create a list edit ACL on the password field 
b) Disabling Set Password to admins on their own account 

Add an additional condition on the Set Password UI action: "current.isValidRecord() && current.sys_id != gs.getUserID()"
c) Sending an SMS to a nominated list of users whenever an admin password is reset via the Set Password feature

Configure a notification when the password field changes and check to see if the updated record has admin

Accept and hit Helpful if it helps.

Thank you,
Hemanth
Certified Technical Architect (CTA), ServiceNow MVP 2024, 2025
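
One way to implement the check in (c) of the reply above, as an added example that is not part of the original post: an after-update business rule body on sys_user that queues an event when the password of a user holding the admin role changes, so a notification with the nominated recipients can subscribe to it. The event name, the function names and the stand-in objects at the bottom (constructed so the logic runs outside an instance) are assumptions.

```javascript
// Added example. Business-rule body for sys_user (after update), written as
// functions so it can be exercised outside an instance.
// Assumption: this event name is hypothetical; it must be registered in the
// event registry and a notification for the nominated users subscribed to it.
var EVENT_NAME = 'user.admin_password.reset';

// True when the user holds the admin role (a row in sys_user_has_role).
function userIsAdmin(userSysId, GlideRecordCtor) {
  var gr = new GlideRecordCtor('sys_user_has_role');
  gr.addQuery('user', userSysId);
  gr.addQuery('role.name', 'admin');
  gr.setLimit(1);
  gr.query();
  return gr.next();
}

// Queue the event only when the password field changed on an admin's record.
function onUserUpdated(current, gs, GlideRecordCtor) {
  if (!current.user_password.changes()) return false;
  if (!userIsAdmin(String(current.sys_id), GlideRecordCtor)) return false;
  // parm1 = who performed the reset, parm2 = whose password changed
  gs.eventQueue(EVENT_NAME, current, gs.getUserID(), String(current.user_name));
  return true;
}

// --- Constructed stand-ins so the logic runs under Node; not ServiceNow APIs ---
function makeFakes(adminIds, actorId) {
  var queued = [];
  function FakeGlideRecord() { this.q = {}; this.done = false; }
  FakeGlideRecord.prototype.addQuery = function (k, v) { this.q[k] = v; };
  FakeGlideRecord.prototype.setLimit = function () {};
  FakeGlideRecord.prototype.query = function () {};
  FakeGlideRecord.prototype.next = function () {
    if (this.done) return false;
    this.done = true;
    return this.q['role.name'] === 'admin' && adminIds.indexOf(this.q.user) !== -1;
  };
  var gs = {
    getUserID: function () { return actorId; },
    eventQueue: function (name, rec, p1, p2) { queued.push([name, p1, p2]); }
  };
  return { gs: gs, GlideRecord: FakeGlideRecord, queued: queued };
}

function fakeUser(sysId, name, pwChanged) {
  return { sys_id: sysId, user_name: name,
           user_password: { changes: function () { return pwChanged; } } };
}
```

In an instance, the rule's script would call onUserUpdated(current, gs, GlideRecord) with the platform's own objects; the stand-ins are only for running the logic offline.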

Riya Verma
Kilo Sage

Hi @Shantharao ,

 

Hope you are doing great.

 

To enhance security around user account password resets in ServiceNow, follow these steps:

  1. Disable Password Editing for Admins:

    • Restrict admin access to edit passwords from the user list grid.
    • This can be achieved through ACLs (Access Control Lists) to control who can modify the password field.
  2. Restrict Admins from Setting Their Own Password:

    • Prevent admins from using the "Set Password" feature on their own accounts.
    • This can be enforced through a business rule or a client script that checks if the user is an admin and restricts this action.
  3. Implement SMS Notifications:

    • Set up a notification system to send SMS alerts to nominated users whenever an admin resets a password using the "Set Password" feature.
    • Use an SMS gateway service and integrate it with ServiceNow using REST APIs or a dedicated integration app.

 

 
 
Please mark the appropriate response as the correct answer and helpful. This may help other community users to follow the correct solution.
Regards,
Riya Verma

Revanth Karra
Tera Expert

Dear Shantharao,

 

@Shantharao , hope you're doing great!

 

A) Disabling edit rights to the Password from the user list grid currently available to admins:

  1. Navigate to System Administration > Security > Roles.
  2. Open the role that you want to disable edit rights for.
  3. Click the Table Access tab.
  4. Find the sys_user table and click the Edit button.
  5. In the Table Fields section, find the Password field and check the Read Only checkbox.
  6. Click the Update button.

B) Disabling Set Password to admins on their own account:

  1. Navigate to System Administration > Security > Scripts.
  2. Click the New button.
  3. Enter a name and description for the script.
  4. Select the Business Rule script type.
  5. Add the following code to the Script field:

 

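// Before-update business rule on sys_user; "current" is the user record being saved.
// gs.hasRole() and gs.getUserID() refer to the logged-in user performing the update.
if (gs.hasRole('admin') && current.sys_id == gs.getUserID() && current.user_password.changes()) {
  gs.addInfoMessage('Administrators are not allowed to reset their own passwords.');
  current.setAbortAction(true);
}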

 

  6. Click the Save button.

  7. Attach the business rule to the sys_user table.

 

C) Sending an SMS to a nominated list of users whenever an admin password is reset via the Set Password feature:

  1. Navigate to System Administration > Notifications.
  2. Click the New button.
  3. Enter a name and description for the notification.
  4. Select the Email notification type.
  5. In the Recipients section, click the Add button and select the users that you want to send the SMS to.
  6. In the Message section, add the following text:

 

An administrator password was reset via the Set Password feature on [date and time].

 

  7. Click the Save button.

Once you have implemented these security measures, you can be more confident that your user accounts are protected from unauthorized password resets.

 

 

Kindly, please mark my solution as Helpful/Correct, if applicable. If I could help you with your Query then, please hit the Thumb Icon and mark as Correct!!!

 

Thanks & Regards, 

Revanth. K

Product Test Automation Engineer

RAMANA MURTHY G
Mega Sage

Hello @Shantharao ,

 

To control the "Set Password" feature in a user record in ServiceNow, you can follow these steps:

1. Navigate to the User table by typing "sys_user.list" in the left navigation filter.

2. Open the user record for which you want to control the "Set Password" feature.

3. In the user record, you will see a "Password" field. This field is used to set or change the password for the user.

4. To control who can set or change the password, you need to modify the ACL (Access Control List) rules for the "Password" field.

5. Navigate to "System Security > Access Control (ACL)".

6. Search for the ACL rule that controls the "Password" field in the User table. The name of the ACL rule would be something like "sys_user.password".

7. Open the ACL rule and modify the "Roles" field to control who can set or change the password. For example, if you want only admins to be able to set or change the password, you can add the "admin" role to the "Roles" field.

8. Save the ACL rule.

 

Please note that modifying ACL rules requires security_admin rights (you need to elevate your role).

 

 

Please mark this answer correct & helpful, if it resolves your query

Thank you

 

 

Please mark my answer helpful & correct ✅ if it helps you
Thank you

G Ramana Murthy
ServiceNow Developer