Best way to disable Password Reset and Password Change?

bpippert · ‎05-03-2017

We recently upgraded from Helsinki to Istanbul. As a result, the following application was activated by default: https://docs.servicenow.com/bundle/istanbul-it-operations-management/page/administer/login/concept/c...

We have no need for this plugin, and would like all functionality regarding it to be disabled. We have no need for this since we use LDAP integration for passwords. What is the most complete way to do that? Do we have to disable the public pages, catalog items, processes, ui scripts, etc? Or, is there an easier global way to do this? If we have to manually disable things, does anyone know where a complete list might be?

bpippert · ‎05-11-2017

The answer I got from HI was this link:

https://{your instance}/sys_metadata_list.do?sysparm_query=sys_package%3D7b02eba4132232007df3bae32244b0e7%5EGROUPBYsys_class_name&sysparm_first_row=1&sysparm_view=

It is up to us, to decide what, of the 1223 application files, we should inactivate.

Since we were given no guidance from HI, we will probably just inactivate all the UI Actions, Public Pages, Application Menu, and Catalog Items. We will also change the System Property - glide.security.forgot_password.display.link to false.

View solution in original post

BALAJI40 · ‎05-03-2017

I guess we can disable the plugin. The best suggestion from my side was, ask the HI support team and address your issue. They will give the clear instructions on this, what are all we need to do.

denis hoffmann · ‎08-24-2017

Hi Brad,

With the same concern here, find only how to hide modules ( as in How to Disable Password Reset in application menu )

but maybe there is a workaround :

@Chuck (ctomasi) has something there : Modify Password Change Page (pwd_change.do)

Maybe you can't disabled reset/change password option, but you can set what processes are enabled to do it,

and enable it only for particular groups ( in the process record, if "Apply to all users" is unchecked, you can set usergroups in related list instead.)

if not an allowed group member your receive this warning when you ask for reset or change; "User is not part of this password reset process" or "Change Password Error : Change password is not configured in your environment".

Your instance is using "user name" login to check if user asking for reset is member of one of theses groups.

( if not already logged, it's the first question asked on external public form )

Not sure if it's in the best practices ... don't cut off all accesses if you need it. Test before apply.

april16 · ‎05-05-2017

So, I was having this issue today when both my instances all of a sudden started showing extra items in both the application menu and service catalog. You can't right click on the catalog item and configure to deactivate and I couldn't for the life of me find them in Maintain Items. So, I went to Maintain Catalogs, picked the catalog it was in, and in the list I selected the category it was showing in (for me it was Report a Problem or Issue) and found them there. I then made active "false". They finally went away. I also made the Password Reset application menu in the left nav only available to the Security Admin (me).

bpippert · ‎05-05-2017

Did you also disable all the new public pages, as well as the UI to change password on the profile page? As you have found, there are multiple places this plugin inserts itself. I am looking for the complete solution. I am still waiting on any response from HI.

april16 · ‎05-05-2017

No. Once I did the above, I didn't find any more instances that my users could access. I am not using the CMS or SP though. I'd be interested to hear what they say when they answer though. I cancelled my incident since I think I fixed it for my purposes.