We use the LDAP integration with Active Directory so all of the password changes and restrictions are handled within that; however there is a 'User Password Management Configuration' within the AR System Administration Console under the System General section where it looks like you can configure how the system enforces the passwords and restrictions within Remedy. I have never used this, but may be something you want to check out.
We also have a compliance module where it cuts tickets for our support teams with specific instructions on things they need to review, the Remedy specific tickets includes a review of all the AP Role groups that we have created as well as support groupsto make sure they are still accurate with members and needed going further, and a review of specific logs. These tickets are setup to run daily, weekly, monthly, semi-annually, and annually depending on the compliance need. For removing people in and out of groups once they have left our company we used to have a manual task created for our Remedy Admins within the Termination service request, but now we use OIM (Oracle Identity Manager) to remove all permissions, support group association, functional roles, and ap:role member association. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"