Exchange password

[Dugganm]

All I ever seem to do is post on the newbie section when I have a problem, but what the hey....

We are running an Exchange server with people validating their passwords through their NT accounts. However we still have a large number of people who don't log onto the NT box.

How can we force users to change their Exchange/email passwords? Obviously the ones who logon to NT can be made to change theirs through their login ID...but is there a way for them to change their passwords easily on their own?


What about the users who only connect to the Exchange box? Is there a plugin for Exchange that would enforce this? Is there any way for the users to change their passwords on their own?

Thanks for any help you can give!

[Quad]

You could post a little more detail. That would be useful. But if your network is setup in a Domain enviornment, such as the NT server being the PDC and the exchange server being the BDC, all password changes will replicated throught the doman.

[d0ppelg@nger]

I'm sure there would have to be a way to allow non domain users to change their passwords, since I would think that there would be some ISP's that are using Exchange and they would have to allow their users to change passwords. One place to always start is of course, google.com. Another place is the following link, http://www.labmice.net/BackOffice/Ex...00/default.htm they have tons of NT related admin stuff and that might help you.
I'll look more into it when I get some free time....

[Dugganm]

Okay...sorry...realised well after I'd posted that I hadn't included any technical detail!

You are correct, we are using a domain environment pretty much set up as you said! We are using NT 4 and Exchange 5.5. Our users are using Outlook 97 onwards...some of them only accessing through a Citrix server.

We realise that all password changes on the domain will replicate throughout it, but we'd like to know how domain users can change their passwords easily (without being forced to) and alos how non domain users can change their email passwords.

i'm just surprised that this hasn't been an issue for anyone else!

[VicE$DoS$]

Please dont neg me for this as it's more of a question and answer rolled into one..

Dugganm have you not tried or considered RSA / Vasco tokens??

Surely if you could remove the need for passwords to be manually changed it would cause a lot less admin / lost password time?

I'm sure you probably know how RSA / Vasco authentication works...I wont bore you with it.

[Dugganm]

I have looked at RSA tokens in the past but one thing stopped us...

Cost. plain and simple.

I work for a Uk government funded organisation...oh what the hell...I work for the National Health Service and the cost of something like this would mean not being able to purchase something else (obviously!) that would be deemed more essential to the continued improvement of the IT service.

We don't have a big problem with passwords at the moment, purely because users can't change them. We do want to fix this though to make the environment more secure.

[VicE$DoS$]

Cheers Dugganm,

Funnily enough I work for a UK Security company. We sell into the NHS, Recently we did a deal for the NHS Information Authority....URL filtering..

You guys all have to have Checkpoint Firewall-1 dont you? I thought that was the minimum criteria for connecting to NHSnet?

The reason I ask is because if you have Firewall-1 and you are an NHS organisation then you should be able to get either Vasco www.vasco.com or RSA Tokens either under the Chest agreement or if not chest then very cheaply I know that Vasco are keen to offer discount to NHS and a I just called RSA who say they'll also do Government NHS discount.

Also if you are using Checkpoint Firewall-1 Enterprise or even maybe Cisco Pix you'll find that the costs to implement RSA Tokens are greatly reduced because within checkpoint and I'm pretty sure same goes for Pix you have an RSA ACE type server inbuilt. An ACE Server can set you back anything from £2k to £12K and from the money you'd save on the ACE Server the cost justification for Tokens would be a lot easier.

I've got names and references of people already looking at this stuff inside the NHS. PM me if you want the details or costings.

If you dont feel any of this is applicable then fair enough mate, Its always good to explore hidden avenues though!!

[Dugganm]

Thanks for all the info, but I'm up in Scotland and as such have slightly different rules to adhere to. NHS Scotland don't seem to be as security minded as our English counterparts!

We don't have Checkpoint Firewall-1, but a firewall that is probably very similarly specced.

Tust me...its an avenue I have tried to go down before and been told it is too costly!

Thanks again for the info!

Now...back to these passwords, and I can;t find a single thing about it on Google, apart from alot of US college sites who use the Web side of Exchange to change passwords...would this be an option?

[Dugganm]

I can't find a single thing about it on Google, apart from alot of US college sites who use the Web side of Exchange to change passwords...would this be an option?

Anyone?