Yep - I've been through this just of late. If the Change at next logon is set, IIS doesn't have that level of function to allow this to take palce through the current functions.
Rick -- Posting is provided "AS IS", and confers no rights or warranties ... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Saturday, August 27, 2005 5:04 PM To: ActiveDir@mail.activedir.org Subject: Re: FW: [Fwd: RE: [ActiveDir] Password policy change] Yes that enables the password change functionality through OWA, but I don't believe that will help this particular situation. When you set the User Must Change Password at Next Logon bit then logon to OWA I don't think OWA will dump you to a password change screen. That Password Change screen is only something you can access once in OWA as far as I know. To address the question about password expiry and OWA users, when you log in with OWA it will tell you that your password is getting close to expiring so it gives you a heads up that you need to change your password soon, whether that is through the IIS Password change tool or some other password change facility. Phil On 8/27/05, joe <[EMAIL PROTECTED]> wrote: > >From a "shy" lurker MVP.... > > It appears it is something you can enable. It isn't strictly part of OWA but > the old IIS Password change tool. I recall there being issues with that tool > and that is why they stopped enabling it by default but can't recall what > they were this late at night or this early in the morning whatever it may > be. ;o) > > Thanks for the assist Mom. :) > > > > -----Original Message----- > Sent: Saturday, August 27, 2005 2:24 AM > To: [EMAIL PROTECTED] > Subject: [Fwd: RE: [ActiveDir] Password policy change] > > http://www.petri.co.il/enable_password_changing_through_owa_in_exchange_2003 > .htm > > > -------- Original Message -------- > Subject: RE: [ActiveDir] Password policy change > Date: Sat, 27 Aug 2005 02:16:14 -0400 > From: joe <[EMAIL PROTECTED]> > Reply-To: ActiveDir@mail.activedir.org > To: <ActiveDir@mail.activedir.org> > > > > Yep, OWA is Outlook Web Access. If you haven't seen it, it is gorgeous in > Exchange 2003. It looks almost exactly like Outlook. Unfortunately, if your > password is expired (forced or otherwise) you aren't getting into OWA. I > also don't believe it has a password change function if you just want to go > and change it, but that could be something that could be enabled. > Alternatively you set up another web page to do it. > > As for the OPs original issue. It all comes down to implementation. You told > the system to not allow people to change the password if the password age > was less than one day and then were confused when it did exactly that. The > reason for it is that there is one attribute for password age, pwdLastSet, > and it doesn't distinguish between a helpdesk set operation or a normal > password change, they are both password changes and you only want one day > between every change. The proper way to handle that case is to force the > user's to change their password on next logon (which sets the pwdLastSet to > 0), but as you know, that will kill OWA users. So you either need another > process to follow for OWA only users, install some third party or custom > inhouse tool, or drop the minimum password aging. > > joe > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of SysPro Support > Sent: Saturday, August 27, 2005 12:09 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Password policy change > > Your right Aaron, I didn't know what it meant.! > > I am not an outlook sort of person (we use Notes...), but the inferred > statement surprises me. It suggests that if the "must change password" is > set, you can't logon to Outlook Web Access. > > This would suggest that forcing users to change password after (say) 28 days > is also a no-no. > > And, it would also suggest that Outlook Web Access won't let you change your > password. If it did, it would surely allow you to logon, then require you to > change the password before you do anything.. > > This all seems unlikely, given Microsoft's recommended use of forcing > password changes on a regular basis and forcing users to change a password > when a new user is created. > > If it is all true, maybe you have to provide some way that the users can go > to a Citrix portal and change their password there, then go back and use > Outlook Web Access. > > Alan Cuthbertson > > > Policy Management Software:- > http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml > ADM Template Editor:- > http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml > Policy Log Reporter(Free) > http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml > > > > > ----- Original Message ----- > From: "Aaron Visser" <[EMAIL PROTECTED]> > To: <ActiveDir@mail.activedir.org> > Sent: Saturday, August 27, 2005 8:59 AM > Subject: Re: [ActiveDir] Password policy change > > > Nevermind OWA = Outlook Web Access > > > On 8/26/05 3:39 PM, "Figueroa, Johnny" <[EMAIL PROTECTED]> > wrote: > > > > > I mean, if I use the check box to "user must change password at next > logon" > > our users whose only way into the domain is OWA will not prompt them > > to > change > > their password... Unless I am missing something. > > > > Thanks > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of SysPro > > Support > > Sent: Friday, August 26, 2005 3:19 PM > > To: ActiveDir@mail.activedir.org > > Subject: Re: [ActiveDir] Password policy change > > > > Johnny, > > > > We do exactly what you suggest, change the password and set the "user > > must change password at next logon" and they are able to change it, > > even within > the > > "password cannot be changed period". > > > > What do you mean by "that would effectively lock out the OWA only users"? > > > > > > Alan Cuthbertson > > > > > > Policy Management Software:- > > http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml > > ADM Template Editor:- > > http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml > > Policy Log Reporter(Free) > > http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.sht > > ml > > > > > > > > ----- Original Message ----- > > From: "Figueroa, Johnny" <[EMAIL PROTECTED]> > > To: <ActiveDir@mail.activedir.org> > > Sent: Saturday, August 27, 2005 2:56 AM > > Subject: RE: [ActiveDir] Password policy change > > > > > > > > Help desk sets he password to something "something", tells the user to > > change their password to whatever they want it to be and the user can not. > I > > thought about having the HD check the box that makes it so the user > > has to change the password the next time they log in but I think that > > would effectively lock out the OWA only users. > > > > The point is that the HD gets the user going by setting the password > > to something generic, then the user is supposed to change it to > > whatever they want to keep. > > > > > > Thanks > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > > Sent: Friday, August 26, 2005 9:45 AM > > To: ActiveDir@mail.activedir.org > > Subject: RE: [ActiveDir] Password policy change > > > > Which part is "not working" and how is it "not working"? > > > > > > Sincerely, > > > > Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I > > Microsoft MVP - Directory Services > > www.readymaids.com - we know IT > > www.akomolafe.com > > Do you now realize that Today is the Tomorrow you were worried about > > Yesterday? -anon > > > > ________________________________ > > > > From: [EMAIL PROTECTED] on behalf of Figueroa, Johnny > > Sent: Fri 8/26/2005 9:34 AM > > To: ActiveDir@mail.activedir.org > > Subject: [ActiveDir] Password policy change > > > > > > > > > > Good morning folks, yesterday I changed the domain password security > > to retain password history for 5 passwords and the password can not be > changed > > for one day. > > > > Our help desk used to set passwords to a default value when they got a > call > > from a user and then tell the user to change it to something they > > want. It looks like that is not working for them > > > > Is there anyway around this ? > > > > Thanks > > > > Johnny Figueroa > > Enterprise Network Consultant/Integrator Network Services Banner > > Health Voice (602) > > 495-4195 Fax (602) 495-4406 > > > > WARNING: This message, and any attachments, are intended only for the > > use > of > > the individual or entity to which it is addressed and may contain > > information that is privileged, confidential and exempt from > > disclosure under applicable law. If the reader of this message is not > > the intended recipient or employee/agent responsible for delivering > > the message to the intended recipient, you are hereby notified that > > any dissemination, distribution or copying of the communication is > > strictly prohibited. If > you > > receive this communication in error, please notify us immediately > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
