Back to Community Threads
15
Force Password Change
Idea shared by C Layton - 12/15/2014 at 6:51 AM
Completed
There have been many improvements around password functionality in SmarterMail 13.x, however there still does not seem to be a way to force a user to change password at next login.
 
What we had been doing to get around this is to set a password that does not meet the password requirements at user creation.  At first login to webmail the user is forced to change their password.  
 
Currently we have built a custom web application that uses the SmarterMail web services to create and update user mailboxes.  Using the web services we are not able to perform this workaround.  
 
How are others forcing password changes?  How is there not a checkbox to force a password change at next login? This is a glaring oversight by SmarterMail. 

13 Replies

Reply to Thread
2
Employee Replied
12/17/2014 at 9:26 AM
Employee Post
C Layton, thank you for you question.  There have been similar requests for an option to force a password change on next user login.  I have added it to our features request list for further consideration by the dev. team.  I have also changed this thread from a Question to an Idea to facilitate development tracking.
0
I do agree with C Layton, there must be a checkbox to force a password change. About two years ago I spoke with Smartermail support about this feature and they gave me "alternate" solution to create passwords that do not meet passwords requirements...
2
It would be nice to have such feature, since domain admin can't create a user with weak password to enforce password change...
1
Yes please!
3
So...this has been under consideration for some time now.  Are we getting any closer?  This is an important security function.  Thanks for your help.
Mark Martens - MBA, CISSP, PMP, ITIL
0
Any chance we will see this in SM16?
1
Employee Replied
1/24/2017 at 3:50 PM
Employee Post
Hi everyone, 
 
We appreciate your feedback on this thread! This functionality is among the security updates planned for a future version of SmarterMail. Stay tuned for more details as they come! 
 
Thank you! 
0
Hi guys!
I just upgraded to SM 15 from 12 and somehow all my users were emailed a Password Violation Compliance email.
They have until Feb 17 to change or be locked out. 
 
This caught us very off guard and so NOT what we needed to happen in the middle of a server migration.
Anyway I have extended the block grace period to 60 days and now I want to send out another email explaining that we have given them an extension but the Feb 17 date still shows on the Password Compliance Email page.
 
What am I missing? Please help this is time sensitive. Much thanks in advance!
0
I know you are looking for "On First Login"
 
But there is a feature for forcing a SCHEDULED password change (for anyone else looking for this)
This feature is already in SM 14. In the administration login, (not domain administrator)
 
The bottom menu item "Security"
in the "Advanced Settings"
"Password Requirements"
 
 
You can say that a password expires every 3 months, or 30 days, or 6 months, etc.  The minimum password strength  requirements and a grace period.
 
 
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
Maybe default it to one day or zero and then it resets to 90 days after the first time?
0
Yea, I did that by accident once. Set it to 1 month, turned it off, then turned it back on and set it to 6 months or something (cant remember the steps). It forced everyone on the server to change their password on the next login. (not what i was trying to accomplish btw...)
Big Caution ! ---- it also killed all of the passwords of email scripts that are part of websites for sending email on contact forms. Had to manually reset all of those dedicated accounts. what a pain. And setting the password back to what it originally was, does not count as a change, so it will not send out the email.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
Bummer, so it's a global setting. Would be better if you could override for individual users. We also have accounts used for certain forms and apps that we would not want the password to expire until we say.
0
Employee Replied
3/12/2019 at 2:46 PM
Employee Post
This feature was added in SmarterMail 16.3.6522 (Nov 9, 2017):
"Domain admins have an option in the Accounts page to expire the password of one or more users, forcing the user(s) to change their account password on the next web interface login."

To find this option, log in as a Domain Administrator. Click on Domain Settings, then click on Accounts. In the Users grid, select one or more users. Then click on the Actions (...) button and select Expire Password. (Alternatively, you can right-click on the user in the grid to select Expire Password.)

Some notes about this feature:
If password changes were disabled for the user, this setting will enable password changes and expire the password of the user. In addition, accounts set to Active Directory authentication cannot have their password expired.

When creating a new user account, you can also enable "Force password change at next login". 
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Configure SmarterMail as a Free Gateway ServerSmarterMail > Server Configuration and Management
Setting Up Two-Step Authentication (2FA, MFA, etc.)SmarterMail > Desktop and Mobile Synchronization
SmarterMail HIPAA/FINRA/SOX ComplianceGeneral Topics
Configure an EAS Account in the Samsung Email ClientSmarterMail > Desktop and Mobile Synchronization
eM Client Fails to Connect to IMAPSmarterMail > Troubleshooting