Re: Using Sharepoint as an Extranet?

From: John Kisha (john_at_inlandconsulting.com)
Date: 01/19/05 

Date: Wed, 19 Jan 2005 15:43:15 -0800

Go to SITE SETTINGS | UPDATE MY INFORMATION and you will see the link to
change passwords there.

Administrators can change user passwords after clicking on VIEW
INFORMATION ABOUT SITE USERS | <USER NAME> | CHANGE PASSWORD

I'm not sure, but this may only be available under Active Directory
Account Creation Mode.

John Kisha
Inland Pacific Consulting
http://www.VisitUsAt.com
323-463-8300

-----Original Message-----
From: Justin Mosier [mailto:anonymous@newsgroups.microsoft.com]
Posted At: Wednesday, January 19, 2005 2:44 PM
Posted To: microsoft.public.sharepoint.windowsservices
Conversation: Using Sharepoint as an Extranet?
Subject: Re: Using Sharepoint as an Extranet?

Jim,
Something I'm not understanding is how users are able to "change their
passwords after they log in the first time." Where?

The security window that pops up in the browser when first accessing the

sharepoint site only has username and password entry boxes. It doesn't
have
a "Change Password" button like your standard Windows login popup
window.
I clicked all over the sharepoint site and I didn't see anything about
users
or administrators being able to change passwords.

I guess you mean the passwords have to be managed via AD? I can't make
every
Sharepoint site administrator also a domain administrator in order to
manage
the users for their respective SP sites!

My goal in exploring an AD connection is simply to avoid having to
manage
local windows users on the extranet server myself and instead let each
Sharepoint site administrator add / edit / delete users as needed,
without
intervention by us in IT. I can just foresee the management of local
windows
users becoming a big headache as the number of sharepoint sites grows.
But
if managing them through AD is limited to domain admins (ie. only my
Network
Manager) then I can't go that route.

Hopefully I'm misunderstanding something. Thanks again for your
patience!
Justin

"Jim Buyens" <news@interlacken.com> wrote in message
news:B1054EBD-8726-4229-95DE-9D82DDD73F9E@microsoft.com...
> "Justin Mosier" wrote:
>
>> Jim,
>> Where does the WSS administrator setup a password for the users that
are
>> automatically created in AD? As I step through the screens (Site
>> Settings,
>> Manage Users, Add Users) I don't see a place to specify a password.
>
> WSS choses a random password and e-mails it to the user. The user can
then
> change it after they log in the first time.
>
>> BTW, this discussion is very timely for my group. We just setup WSS
as an
>> extranet last week using local user authentication (not tied to
Active
>> Directory). I was resigned to creating local user accounts on the box
>> whenever new users are needed (for clients, contractors, etc), but
after
>> reading this discussion it sounds like I can get rid of that
maintenance
>> task and let site administrators add users as needed without IT
>> involvement.
>> I hope I'm understanding all this correctly.
>>
>> We already use Sharepoint on our Intranet and love it!
>>
>> Thanks!
>> Justin
>
> Yes, that's how it works. It's slightly unintuitive because there are
no
> special screens for adding new users; you (or the site admin) simply
type
> the
> new user's e-mail address, and if the account doesn't exist, WSS
creates
> it.
>
> Unfortunately, Active Directory Account Creation is something you can
> activate only during initial install. If you have existing content, I
> think
> you could connect the existing content datbases to the new server, but

> this
> is something you should test carefully in advance.
>
> Jim Buyens
> Microsoft FrontPage MVP
> http://www.interlacken.com
> Author of:
> *----------------------------------------------------
> |\---------------------------------------------------
> || Microsoft Windows SharePoint Services Inside Out
> || Microsoft Office FrontPage 2003 Inside Out
> ||---------------------------------------------------
> || Web Database Development Step by Step .NET Edition
> || Microsoft FrontPage Version 2002 Inside Out
> || Faster Smarter Beginning Programming
> || (All from Microsoft Press)
> |/---------------------------------------------------
> *----------------------------------------------------
>
>
>
>> "Jim Buyens" <news@interlacken.com> wrote in message
>> news:B228E2D1-EC20-494E-AAFF-A6531E063A20@microsoft.com...
>> > First, make sure you installed the SharePoint server as directed
at:
>> >
>> >
http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en
-us/stsc05.mspx
>> >
>> > You can bypass the instructions that pertain to Scalable Hosting
Mode
>> > (also
>> > called Host Header Mode) if you like. This is a mode where, for
>> > performance
>> > reasons, you support multiple host names by having WSS (rather than

>> > IIS)
>> > filter on the HTTP host header.
>> >
>> > Then, you create the user accounts in WSS by typing their names
into
>> > the
>> > normal WSS screens, such as Site Settings, Manage Users, Add Users.
If
>> > the
>> > account doesn't exist, WSS will add it to the OU you designated
during
>> > setup.
>> > (Note that the WSS application pool account will need permission to
do
>> > this.)
>> >
>> > To restrict the privileges of accounts created this way, you would
>> > generally
>> > use group policy.
>> >
>> > Jim Buyens
>> > Microsoft FrontPage MVP
>> > http://www.interlacken.com
>> > Author of:
>> > *----------------------------------------------------
>> > |\---------------------------------------------------
>> > || Microsoft Windows SharePoint Services Inside Out
>> > || Microsoft Office FrontPage 2003 Inside Out
>> > ||---------------------------------------------------
>> > || Web Database Development Step by Step .NET Edition
>> > || Microsoft FrontPage Version 2002 Inside Out
>> > || Faster Smarter Beginning Programming
>> > || (All from Microsoft Press)
>> > |/---------------------------------------------------
>> > *----------------------------------------------------
>> >
>> >
>> >
>> > "Dan Marth" wrote:
>> >
>> >> Jim,
>> >>
>> >> I just tried setting up a test user and went to the account tab,
then
>> >> "logon
>> >> hours" and clicked the radio button for "logon denied". I then
>> >> granted
>> >> access to a sharepoint site and tried to login. I tried 3 times
and
>> >> got
>> >> the
>> >> same error everytime, "The Local Security Authority cannot be
>> >> contacted".
>> >> I
>> >> then tried it with "logon permitted" and didn't get the error, I
was
>> >> able
>> >> to
>> >> access the site. Did I goto the wrong place to disable domain
logon?
>> >>
>> >> Thanks,
>> >> Dan
>> >> "Dan Marth" <danmarth@earthlink.net> wrote in message
>> >> news:e$bOaKJ$EHA.2568@TK2MSFTNGP11.phx.gbl...
>> >> > Thanks for all the help!
>> >> >
>> >> > I think setting up the user in a predesignated OU and not
permitting
>> >> domain
>> >> > logins on that OU is the way I will go.
>> >> >
>> >> > Thanks again,
>> >> > Dan
>> >> > "Jim Buyens" <news@interlacken.com> wrote in message
>> >> > news:3837BC81-DE62-4632-ABCE-91FD980EFDC0@microsoft.com...
>> >> > > Yes. The accounts don't have to permit domain logins, but they
do
>> >> > > need
>> >> to
>> >> > be
>> >> > > in Active Directory.
>> >> > >
>> >> > > One approach that might be useful on an Extranet is to set up
a
>> >> > > new
>> >> domain
>> >> > > for this purpose only, and to locate it entirely within a DMZ.
>> >> > >
>> >> > > Jim Buyens
>> >> > > Microsoft FrontPage MVP
>> >> > > http://www.interlacken.com
>> >> > > Author of:
>> >> > > *----------------------------------------------------
>> >> > > |\---------------------------------------------------
>> >> > > || Microsoft Windows SharePoint Services Inside Out
>> >> > > || Microsoft Office FrontPage 2003 Inside Out
>> >> > > ||---------------------------------------------------
>> >> > > || Web Database Development Step by Step .NET Edition
>> >> > > || Microsoft FrontPage Version 2002 Inside Out
>> >> > > || Faster Smarter Beginning Programming
>> >> > > || (All from Microsoft Press)
>> >> > > |/---------------------------------------------------
>> >> > > *----------------------------------------------------
>> >> > >
>> >> > > "Dan Marth" wrote:
>> >> > >
>> >> > > > So, is it true to say that the only authentication mode is
using
>> >> > > > a
>> >> > Windows
>> >> > > > AD account?
>> >> > > >
>> >> > > > "Jim Buyens" <news@interlacken.com> wrote in message
>> >> > > > news:88CC7ABC-2DC6-4359-A72F-500D83656B78@microsoft.com...
>> >> > > > > Install the external copy of WSS in Active Directory
Account
>> >> Creation
>> >> > > > mode.
>> >> > > > >
>> >> > > > > With this mode in effect, whenever a site administrator
grants
>> >> access
>> >> > to a
>> >> > > > > username that doesn't exist, WSS creates an account with
the
>> >> > > > > given
>> >> > name in
>> >> > > > a
>> >> > > > > predesignated Active Directory OU. This maks it easier to
>> >> > > > > identify
>> >> the
>> >> > > > > external visitors and strip away the privileges you don't
want
>> >> > > > > them
>> >> to
>> >> > > > have.
>> >> > > > >
>> >> > > > > Jim Buyens
>> >> > > > > Microsoft FrontPage MVP
>> >> > > > > http://www.interlacken.com
>> >> > > > > Author of:
>> >> > > > > *----------------------------------------------------
>> >> > > > > |\---------------------------------------------------
>> >> > > > > || Microsoft Windows SharePoint Services Inside Out
>> >> > > > > || Microsoft Office FrontPage 2003 Inside Out
>> >> > > > > ||---------------------------------------------------
>> >> > > > > || Web Database Development Step by Step .NET Edition
>> >> > > > > || Microsoft FrontPage Version 2002 Inside Out
>> >> > > > > || Faster Smarter Beginning Programming
>> >> > > > > || (All from Microsoft Press)
>> >> > > > > |/---------------------------------------------------
>> >> > > > > *----------------------------------------------------
>> >> > > > >
>> >> > > > >
>> >> > > > > "Dan Marth" wrote:
>> >> > > > >
>> >> > > > > > Can this be done? I already have an Intranet Sharepoint
>> >> > > > > > server
>> >> setup
>> >> > but
>> >> > > > our
>> >> > > > > > vendors and affiliates can't access it without us giving

>> >> > > > > > them a
>> >> > network
>> >> > > > > > account. If the users don't have a network
>> >> > > > > > account..........what
>> >> > other
>> >> > > > > > authentication could I use so the site is not completely
>> >> > > > > > public?
>> >> > > > > >
>> >> > > > > > Thanks in advance,
>> >> > > > > > Dan
>> >> > > > > >
>> >> > > > > >
>> >> > > > > >
>> >> > > >
>> >> > > >
>> >> > > >
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>

Loading