Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

AD User Accounts, Passwords, OA/OWA and SharePoint

Posted on 2011-03-15
5
Medium Priority
?
249 Views
Last Modified: 2012-05-11
We're beginning to plan enforced, periodic password changes via Group Policies on a 2003 Domain, for example, change ever 90 days, enforce strong passwords, etc.  I noticed the Policy is located in the Computer group -- not the User group.

We have local users in the office as well as a number of remote users who use Outlook Anywhere (with Outlook), Outlook Web Access (via Browser) and SharePoint while some have Computers listed in AD and others have their own laptop that are not apart of the domain.  They do not VPN into our network.

When it gets close to 90 days, I know local users will be prompted via Windows login to change their passwords and even get advanced warnings.  Will the same happen for OA/OWA and SharePoint users using Outlook and/or Internet Explorer -- on Workgroup and Domain Computers?  SharePoint is configured to use their AD accounts for authentication.
0
Comment
Question by:Wade_Chestnut
  • 3
  • 2
5 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35139910
What versions of Exchange and SharePoint are you using?
0
 

Author Comment

by:Wade_Chestnut
ID: 35140233
Exchange 2003 and SharePoint 2010
0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 2000 total points
ID: 35140307
OWA 2003 will tell you the password is expired and give IIS option to change it then or earlier (through options).  It does not do advanced notification on its own.

I have been unable to find any evidence that SharePoint has this functionality natively, but it can be programmed in via a .NET page on your Site.
0
 

Author Comment

by:Wade_Chestnut
ID: 35142634
Well, since Password Policies are in the Computer side of the Group Policies, how can a remote user who has their own laptop in Workgroup mode be forced to change their password?  The Computer policy would not be pushed down to their laptop, right?
0
 
LVL 31

Assisted Solution

by:Justin Owens
Justin Owens earned 2000 total points
ID: 35147668
The reason it is a computer setting is because it is applied on the Domain Controller computer.  Because it is applied to THAT computer, all users on that computer (hence all AD users) are affected.  I know it seems like reverse logic in comparison to how most GPO works, but in this case, that is just how MS does it.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question