Embracing and Extending Windows 2000


	•Since password changes need to be processed by a couple of machines, there is a delay between the time the user clicks the “CHANGE” button and the change actually appears on the end system. Most changes propagate to all systems in a minute or less. There is an additional propagation delay between windows domain controllers – this can be up to 15 minutes and is out of our control.
	•At present, the Windows password change daemon processes all outstanding requests, and then sleeps for a minute before checking for work. This is the major cause of the delay in processing. Also, since we are encrypting the passwords prior to queuing them, and then have to decrypt them before completing them, there is a measurable delay in processing. We sometimes get backlogs – especially during student orientation sessions where the instructor tells everyone in the room to change their passwords all at the same time.
	•This past spring, we rolled out a new web based account pickup system, where we send each new user a PIN which along with their social security number or date of birth allows them to pick up their account at any time. This greatly reduces the backlogs caused by everyone trying to change their passwords at the same time. The pickup web page puts the person on to the password changing web page – when I last checked, about 94% of the people changed their passwords after picking it up.
	•Using the database for all this processing again makes it easy to generate all sorts of statistics and reports on how this all gets used. In this graph, we are looking at about 15,000 password changes. Roughly half got processed in 60 seconds or less.
	•The account creation process results in some backlogs – account creations queue a “dummy” password change which takes processing time. We are considering a low priority queue for these.
	•We have had a couple of outages in the queue process – both as a result of server upgrades that required a restart (or re-install!) of the password changing daemon. Aside from that, the changing program has NEVER failed! These outages are why we never reach 100% on this graph.