GPO question
-
@WLS-ITGuy said in GPO question:
Correct, as they are BYOD, they have to change it in OWA. However, they get the message that they haven't hit the complexity rules. These are new users, never before created, never before logged into a machine on the network.
So they are not on; and are not joining the domain?
-
@JasGot Correct, only BYOD on a separate VLAN/wifi for students.
-
@WLS-ITGuy what version of exchange?
-
@WLS-ITGuy said in GPO question:
@JasGot Correct, only BYOD on a separate VLAN/wifi for students.
If they are not on, and are not joining AD then GPO doesn't apply.
-
@JasGot said in GPO question:
@WLS-ITGuy said in GPO question:
@JasGot Correct, only BYOD on a separate VLAN/wifi for students.
If they are not on, and are not joining AD then GPO doesn't apply.
Oh yeah forgot I was going to say that.
Changing passwords through OWA can be done, though I think it can be a real PITA.
-
From my experience, BYODs make resetting AD passwords for students a time-waster for IT. You should delegate this to non-IT staff like school librarians and teach them how to use a password reset app like Wisesoft's Password Control (with giving them appropriate permissions like only for students OU, of course) or get your software developer to create a web-based password reset kiosk for students and staff with BYODs.
-
@taurex said in GPO question:
From my experience, BYODs make resetting AD passwords for students a time-waster for IT. You should delegate this to non-IT staff like school librarians and teach them how to use a password reset app like Wisesoft's Password Control (with giving them appropriate permissions like only for students OU, of course) or get your software developer to create a web-based password reset kiosk for students and staff with BYODs.
We've learned since the original post, this is not an AD/OU environment. Your point about 3rd party password control is a great option for domain admins though.....
-
It is an AD environment. The students are created in AD on Server 2016 with Exchange 2016. They just use OWA only. They just don't log in to PCs that are part of the domain.
-
@JasGot said in GPO question:
@taurex said in GPO question:
From my experience, BYODs make resetting AD passwords for students a time-waster for IT. You should delegate this to non-IT staff like school librarians and teach them how to use a password reset app like Wisesoft's Password Control (with giving them appropriate permissions like only for students OU, of course) or get your software developer to create a web-based password reset kiosk for students and staff with BYODs.
We've learned since the original post, this is not an AD/OU environment. Your point about 3rd party password control is a great option for domain admins though.....
But those students still have accounts in OP's AD, right? It's only their devices are BYOD.
-
@taurex said in GPO question:
@JasGot said in GPO question:
@taurex said in GPO question:
From my experience, BYODs make resetting AD passwords for students a time-waster for IT. You should delegate this to non-IT staff like school librarians and teach them how to use a password reset app like Wisesoft's Password Control (with giving them appropriate permissions like only for students OU, of course) or get your software developer to create a web-based password reset kiosk for students and staff with BYODs.
We've learned since the original post, this is not an AD/OU environment. Your point about 3rd party password control is a great option for domain admins though.....
But those students still have accounts in OP's AD, right? It's only their devices are BYOD.
Yes. The new student (class of 2023) can log into OWA but cannot change the password. Other students (class of 2020, 2021, 2022) can all change their passwords.
-
@WLS-ITGuy said in GPO question:
@taurex said in GPO question:
@JasGot said in GPO question:
@taurex said in GPO question:
From my experience, BYODs make resetting AD passwords for students a time-waster for IT. You should delegate this to non-IT staff like school librarians and teach them how to use a password reset app like Wisesoft's Password Control (with giving them appropriate permissions like only for students OU, of course) or get your software developer to create a web-based password reset kiosk for students and staff with BYODs.
We've learned since the original post, this is not an AD/OU environment. Your point about 3rd party password control is a great option for domain admins though.....
But those students still have accounts in OP's AD, right? It's only their devices are BYOD.
Yes. The new student (class of 2023) can log into OWA but cannot change the password. Other students (class of 2020, 2021, 2022) can all change their passwords.
Adding to this, all 4 classes are under the same OU
-
When your students first logs in, are they prompted to set their regional date and time?
-
@JasGot said in GPO question:
net accounts
Can you run "net accounts /domain" from any workstation or server connected to the same domain as the Exchange server. show the results here.
-
@JasGot said in GPO question:
When your students first logs in, are they prompted to set their regional date and time?
Yes.
-
Is your native module exppw.dll correctly registered?
-
@JasGot said in GPO question:
Is your native module exppw.dll correctly registered?
Iβll get the results youβre asking for and this answer as well tomorrow.
-
@JasGot said in GPO question:
net accounts /domain
Which is interesting to know but I guess helps me figure out why they can't change their passwords.
-
This post is deleted! -
@WLS-ITGuy said in GPO question:
@JasGot said in GPO question:
net accounts /domain
Which is interesting to know but I guess helps me figure out why they can't change their passwords.
Assuming you don't have grandular password policies enabled - I don't get how anyone could change their passwords in less than 30 days.
-
@Dashrender said in GPO question:
@WLS-ITGuy said in GPO question:
@JasGot said in GPO question:
net accounts /domain
Which is interesting to know but I guess helps me figure out why they can't change their passwords.
Assuming you don't have grandular password policies enabled - I don't get how anyone could change their passwords in less than 30 days.
Which is the interesting part as I have a screenshot that has my minimum password age at 7 days but that also might be before I upgraded to 2016 server. Who knows, they days blend together now as I get older.