Force Password Change
Idea shared by C Layton - December 15, 2014 at 6:51 AM
There have been many improvements around password functionality in SmarterMail 13.x, however there still does not seem to be a way to force a user to change password at next login.
What we had been doing to get around this is to set a password that does not meet the password requirements at user creation.  At first login to webmail the user is forced to change their password.  
Currently we have built a custom web application that uses the SmarterMail web services to create and update user mailboxes.  Using the web services we are not able to perform this workaround.  
How are others forcing password changes?  How is there not a checkbox to force a password change at next login? This is a glaring oversight by SmarterMail. 

12 Replies

Reply to Thread
C Layton, thank you for you question.  There have been similar requests for an option to force a password change on next user login.  I have added it to our features request list for further consideration by the dev. team.  I have also changed this thread from a Question to an Idea to facilitate development tracking.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
I do agree with C Layton, there must be a checkbox to force a password change. About two years ago I spoke with Smartermail support about this feature and they gave me "alternate" solution to create passwords that do not meet passwords requirements...
It would be nice to have such feature, since domain admin can't create a user with weak password to enforce password change...
Yes please!
So...this has been under consideration for some time now.  Are we getting any closer?  This is an important security function.  Thanks for your help.
Mark Martens - MBA, CISSP, PMP, ITIL
Any chance we will see this in SM16?
Hi everyone, 
We appreciate your feedback on this thread! This functionality is among the security updates planned for a future version of SmarterMail. Stay tuned for more details as they come! 
Thank you! 

Andrea Rogers
Communications Specialist
SmarterTools Inc.

Hi guys!
I just upgraded to SM 15 from 12 and somehow all my users were emailed a Password Violation Compliance email.
They have until Feb 17 to change or be locked out. 
This caught us very off guard and so NOT what we needed to happen in the middle of a server migration.
Anyway I have extended the block grace period to 60 days and now I want to send out another email explaining that we have given them an extension but the Feb 17 date still shows on the Password Compliance Email page.
What am I missing? Please help this is time sensitive. Much thanks in advance!
I know you are looking for "On First Login"
But there is a feature for forcing a SCHEDULED password change (for anyone else looking for this)
This feature is already in SM 14. In the administration login, (not domain administrator)
The bottom menu item "Security"
in the "Advanced Settings"
"Password Requirements"
You can say that a password expires every 3 months, or 30 days, or 6 months, etc.  The minimum password strength  requirements and a grace period. - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

Maybe default it to one day or zero and then it resets to 90 days after the first time?
Yea, I did that by accident once. Set it to 1 month, turned it off, then turned it back on and set it to 6 months or something (cant remember the steps). It forced everyone on the server to change their password on the next login. (not what i was trying to accomplish btw...)
Big Caution ! ---- it also killed all of the passwords of email scripts that are part of websites for sending email on contact forms. Had to manually reset all of those dedicated accounts. what a pain. And setting the password back to what it originally was, does not count as a change, so it will not send out the email. - Providing technology services to non profit organizations, homeless shelters, clean and sober houses and prisoner reentry programs. To date we have given away over 1,000 free computers.

Bummer, so it's a global setting. Would be better if you could override for individual users. We also have accounts used for certain forms and apps that we would not want the password to expire until we say.

Reply to Thread