Justin
Wed Jan 19 16:44:06 CST 2005
Jim,
Something I'm not understanding is how users are able to "change their
passwords after they log in the first time." Where?
The security window that pops up in the browser when first accessing the
sharepoint site only has username and password entry boxes. It doesn't have
a "Change Password" button like your standard Windows login popup window.
I clicked all over the sharepoint site and I didn't see anything about users
or administrators being able to change passwords.
I guess you mean the passwords have to be managed via AD? I can't make every
Sharepoint site administrator also a domain administrator in order to manage
the users for their respective SP sites!
My goal in exploring an AD connection is simply to avoid having to manage
local windows users on the extranet server myself and instead let each
Sharepoint site administrator add / edit / delete users as needed, without
intervention by us in IT. I can just foresee the management of local windows
users becoming a big headache as the number of sharepoint sites grows. But
if managing them through AD is limited to domain admins (ie. only my Network
Manager) then I can't go that route.
Hopefully I'm misunderstanding something. Thanks again for your patience!
Justin
"Jim Buyens" <news@interlacken.com> wrote in message
news:B1054EBD-8726-4229-95DE-9D82DDD73F9E@microsoft.com...
> "Justin Mosier" wrote:
>
>> Jim,
>> Where does the WSS administrator setup a password for the users that are
>> automatically created in AD? As I step through the screens (Site
>> Settings,
>> Manage Users, Add Users) I don't see a place to specify a password.
>
> WSS choses a random password and e-mails it to the user. The user can then
> change it after they log in the first time.
>
>> BTW, this discussion is very timely for my group. We just setup WSS as an
>> extranet last week using local user authentication (not tied to Active
>> Directory). I was resigned to creating local user accounts on the box
>> whenever new users are needed (for clients, contractors, etc), but after
>> reading this discussion it sounds like I can get rid of that maintenance
>> task and let site administrators add users as needed without IT
>> involvement.
>> I hope I'm understanding all this correctly.
>>
>> We already use Sharepoint on our Intranet and love it!
>>
>> Thanks!
>> Justin
>
> Yes, that's how it works. It's slightly unintuitive because there are no
> special screens for adding new users; you (or the site admin) simply type
> the
> new user's e-mail address, and if the account doesn't exist, WSS creates
> it.
>
> Unfortunately, Active Directory Account Creation is something you can
> activate only during initial install. If you have existing content, I
> think
> you could connect the existing content datbases to the new server, but
> this
> is something you should test carefully in advance.
>
> Jim Buyens
> Microsoft FrontPage MVP
>
http://www.interlacken.com
> Author of:
> *----------------------------------------------------
> |\---------------------------------------------------
> || Microsoft Windows SharePoint Services Inside Out
> || Microsoft Office FrontPage 2003 Inside Out
> ||---------------------------------------------------
> || Web Database Development Step by Step .NET Edition
> || Microsoft FrontPage Version 2002 Inside Out
> || Faster Smarter Beginning Programming
> || (All from Microsoft Press)
> |/---------------------------------------------------
> *----------------------------------------------------
>
>
>
>> "Jim Buyens" <news@interlacken.com> wrote in message
>> news:B228E2D1-EC20-494E-AAFF-A6531E063A20@microsoft.com...
>> > First, make sure you installed the SharePoint server as directed at:
>> >
>> >
http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsc05.mspx
>> >
>> > You can bypass the instructions that pertain to Scalable Hosting Mode
>> > (also
>> > called Host Header Mode) if you like. This is a mode where, for
>> > performance
>> > reasons, you support multiple host names by having WSS (rather than
>> > IIS)
>> > filter on the HTTP host header.
>> >
>> > Then, you create the user accounts in WSS by typing their names into
>> > the
>> > normal WSS screens, such as Site Settings, Manage Users, Add Users. If
>> > the
>> > account doesn't exist, WSS will add it to the OU you designated during
>> > setup.
>> > (Note that the WSS application pool account will need permission to do
>> > this.)
>> >
>> > To restrict the privileges of accounts created this way, you would
>> > generally
>> > use group policy.
>> >
>> > Jim Buyens
>> > Microsoft FrontPage MVP
>> >
http://www.interlacken.com
>> > Author of:
>> > *----------------------------------------------------
>> > |\---------------------------------------------------
>> > || Microsoft Windows SharePoint Services Inside Out
>> > || Microsoft Office FrontPage 2003 Inside Out
>> > ||---------------------------------------------------
>> > || Web Database Development Step by Step .NET Edition
>> > || Microsoft FrontPage Version 2002 Inside Out
>> > || Faster Smarter Beginning Programming
>> > || (All from Microsoft Press)
>> > |/---------------------------------------------------
>> > *----------------------------------------------------
>> >
>> >
>> >
>> > "Dan Marth" wrote:
>> >
>> >> Jim,
>> >>
>> >> I just tried setting up a test user and went to the account tab, then
>> >> "logon
>> >> hours" and clicked the radio button for "logon denied". I then
>> >> granted
>> >> access to a sharepoint site and tried to login. I tried 3 times and
>> >> got
>> >> the
>> >> same error everytime, "The Local Security Authority cannot be
>> >> contacted".
>> >> I
>> >> then tried it with "logon permitted" and didn't get the error, I was
>> >> able
>> >> to
>> >> access the site. Did I goto the wrong place to disable domain logon?
>> >>
>> >> Thanks,
>> >> Dan
>> >> "Dan Marth" <danmarth@earthlink.net> wrote in message
>> >> news:e$bOaKJ$EHA.2568@TK2MSFTNGP11.phx.gbl...
>> >> > Thanks for all the help!
>> >> >
>> >> > I think setting up the user in a predesignated OU and not permitting
>> >> domain
>> >> > logins on that OU is the way I will go.
>> >> >
>> >> > Thanks again,
>> >> > Dan
>> >> > "Jim Buyens" <news@interlacken.com> wrote in message
>> >> > news:3837BC81-DE62-4632-ABCE-91FD980EFDC0@microsoft.com...
>> >> > > Yes. The accounts don't have to permit domain logins, but they do
>> >> > > need
>> >> to
>> >> > be
>> >> > > in Active Directory.
>> >> > >
>> >> > > One approach that might be useful on an Extranet is to set up a
>> >> > > new
>> >> domain
>> >> > > for this purpose only, and to locate it entirely within a DMZ.
>> >> > >
>> >> > > Jim Buyens
>> >> > > Microsoft FrontPage MVP
>> >> > >
http://www.interlacken.com
>> >> > > Author of:
>> >> > > *----------------------------------------------------
>> >> > > |\---------------------------------------------------
>> >> > > || Microsoft Windows SharePoint Services Inside Out
>> >> > > || Microsoft Office FrontPage 2003 Inside Out
>> >> > > ||---------------------------------------------------
>> >> > > || Web Database Development Step by Step .NET Edition
>> >> > > || Microsoft FrontPage Version 2002 Inside Out
>> >> > > || Faster Smarter Beginning Programming
>> >> > > || (All from Microsoft Press)
>> >> > > |/---------------------------------------------------
>> >> > > *----------------------------------------------------
>> >> > >
>> >> > > "Dan Marth" wrote:
>> >> > >
>> >> > > > So, is it true to say that the only authentication mode is using
>> >> > > > a
>> >> > Windows
>> >> > > > AD account?
>> >> > > >
>> >> > > > "Jim Buyens" <news@interlacken.com> wrote in message
>> >> > > > news:88CC7ABC-2DC6-4359-A72F-500D83656B78@microsoft.com...
>> >> > > > > Install the external copy of WSS in Active Directory Account
>> >> Creation
>> >> > > > mode.
>> >> > > > >
>> >> > > > > With this mode in effect, whenever a site administrator grants
>> >> access
>> >> > to a
>> >> > > > > username that doesn't exist, WSS creates an account with the
>> >> > > > > given
>> >> > name in
>> >> > > > a
>> >> > > > > predesignated Active Directory OU. This maks it easier to
>> >> > > > > identify
>> >> the
>> >> > > > > external visitors and strip away the privileges you don't want
>> >> > > > > them
>> >> to
>> >> > > > have.
>> >> > > > >
>> >> > > > > Jim Buyens
>> >> > > > > Microsoft FrontPage MVP
>> >> > > > >
http://www.interlacken.com
>> >> > > > > Author of:
>> >> > > > > *----------------------------------------------------
>> >> > > > > |\---------------------------------------------------
>> >> > > > > || Microsoft Windows SharePoint Services Inside Out
>> >> > > > > || Microsoft Office FrontPage 2003 Inside Out
>> >> > > > > ||---------------------------------------------------
>> >> > > > > || Web Database Development Step by Step .NET Edition
>> >> > > > > || Microsoft FrontPage Version 2002 Inside Out
>> >> > > > > || Faster Smarter Beginning Programming
>> >> > > > > || (All from Microsoft Press)
>> >> > > > > |/---------------------------------------------------
>> >> > > > > *----------------------------------------------------
>> >> > > > >
>> >> > > > >
>> >> > > > > "Dan Marth" wrote:
>> >> > > > >
>> >> > > > > > Can this be done? I already have an Intranet Sharepoint
>> >> > > > > > server
>> >> setup
>> >> > but
>> >> > > > our
>> >> > > > > > vendors and affiliates can't access it without us giving
>> >> > > > > > them a
>> >> > network
>> >> > > > > > account. If the users don't have a network
>> >> > > > > > account..........what
>> >> > other
>> >> > > > > > authentication could I use so the site is not completely
>> >> > > > > > public?
>> >> > > > > >
>> >> > > > > > Thanks in advance,
>> >> > > > > > Dan
>> >> > > > > >
>> >> > > > > >
>> >> > > > > >
>> >> > > >
>> >> > > >
>> >> > > >
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>