Solved

AD User Accounts, Passwords, OA/OWA and SharePoint

Posted on 2011-03-15
5
234 Views
Last Modified: 2012-05-11
We're beginning to plan enforced, periodic password changes via Group Policies on a 2003 Domain, for example, change ever 90 days, enforce strong passwords, etc.  I noticed the Policy is located in the Computer group -- not the User group.

We have local users in the office as well as a number of remote users who use Outlook Anywhere (with Outlook), Outlook Web Access (via Browser) and SharePoint while some have Computers listed in AD and others have their own laptop that are not apart of the domain.  They do not VPN into our network.

When it gets close to 90 days, I know local users will be prompted via Windows login to change their passwords and even get advanced warnings.  Will the same happen for OA/OWA and SharePoint users using Outlook and/or Internet Explorer -- on Workgroup and Domain Computers?  SharePoint is configured to use their AD accounts for authentication.
0
Comment
Question by:Wade_Chestnut
  • 3
  • 2
5 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35139910
What versions of Exchange and SharePoint are you using?
0
 

Author Comment

by:Wade_Chestnut
ID: 35140233
Exchange 2003 and SharePoint 2010
0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35140307
OWA 2003 will tell you the password is expired and give IIS option to change it then or earlier (through options).  It does not do advanced notification on its own.

I have been unable to find any evidence that SharePoint has this functionality natively, but it can be programmed in via a .NET page on your Site.
0
 

Author Comment

by:Wade_Chestnut
ID: 35142634
Well, since Password Policies are in the Computer side of the Group Policies, how can a remote user who has their own laptop in Workgroup mode be forced to change their password?  The Computer policy would not be pushed down to their laptop, right?
0
 
LVL 31

Assisted Solution

by:Justin Owens
Justin Owens earned 500 total points
ID: 35147668
The reason it is a computer setting is because it is applied on the Domain Controller computer.  Because it is applied to THAT computer, all users on that computer (hence all AD users) are affected.  I know it seems like reverse logic in comparison to how most GPO works, but in this case, that is just how MS does it.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question