FIM2010–Self-Service Password Reset Enhancements

Well, I just read this little nugget and decided to post it to share it with the world (as well as keep it somewhere safe for myself!). When the initial release of the SSPR came out with FIM, there were considerable issues in that the user password was changed to a random value as an administrator and then a “proxied” login was used to go in as the user themselves and change the password to the known value that was provided as part of the reset action. This however, led to some issues where people didn’t like that the random password was being applied however, in the same instance, this did allow for some password policy components such as password history and complexity to be enforced (which was otherwise bypassed by the administrator account changing the password to a random string).

In a later release, SSPR just simply changed the password using the value provided by the user performing the reset using the administrative credentials of the MA. This provided a problem in that the complexity and history were not enforced. (The figurative pendulum had swung far to the other direction!). Smile

However, there is apparently a method now to allow SSPR to change the users password while still enforcing policies effectively. This is good news as it is certainly a bad precedent to have the self-service tool allowing users to reuse passwords that are weak! The details are found on the support site http://support.microsoft.com/KB/2443871.

Advertisements
This entry was posted in Forefront Identity Manager 2010. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s