Tuesday, December 11, 2012

Password changes and Windows Authentication - or why not to set your home page to Sharepoint

Password changes and Windows Authentication

For those administrators who have implemented Microsoft SharePoint and use it daily, it might seem to make sense to set SharePoint as the default home page for Internet Explorer. Internet Explorer will log in to the SharePoint server using windows authentication - and so you have a nice single-sign-on user experience. Hurray!

Well... Is your password policy up to date? Do you use password expiration / Account Lockout?

If you use password expiration in your environment, and you change your password, there is a good chance that your account will get locked out. Lets say IE is open on your workstation and you log in to another server and change your password. IE is still authenticating with the old password information. Your account lockout policy will come into play after several attempts.

Short answer: don't set your default homepage to your Sharepoint server.

How else could this bite an administrator?

Hosted Exchange and ActiveSync

ActiveSync synchronization between a Smartphone and Exchange is a good migration option for those leaving the Blackberry world. However, if you use the ActiveDirectory password for your Exchange email account - you will find that your account gets locked out when you change your password. This can occur because the phone is attempting to log in to your email account with the password. What I am doing to avoid this is giving everyone a new email password. Yes it is something else to remember, but it is more convenient than having your account locked out mysteriously every 90 days!