Showing User Passwords in SM16
Question asked by John Archer - May 30, 2017 at 5:04 AM
I just upgraded to SM 16. Found where to activate the Show User Passwords option and enabled it.
Now I don't see the option to display the current User Account Password. Where would I find it?

11 Replies

Reply to Thread
Andrea Rogers Replied
Employee Post
Hi John! 
The ability to view a user's password is still available in version 16.x. However, please note that this functionality, along with the ability to decrypt passwords on the server, will be removed in version 17.x, as this release will offer additional privacy and security measures. In the meantime, follow these steps to enable the Show Password functionality in 16.x: 
  1. On the server where SmarterMail is installed, navigate to Administrative Tools > Services and Stop the SmarterMail Service. 
  2. As an Administrator, edit the mailConfig.xml file. (As always, make a backup copy first.)
  3. Find the line: <allowViewingOfPasswords>False</allowViewingOfPasswords>
  4. Change this value to True. 
  5. Save the file, ensuring it overwrites the mailConfig.xml file found in the Service folder. 
  6. In the Services window, Start the SmarterMail Service. 
After that's been done, log into the SmarterMail interface as a System Administrator and complete the following:
  1. Click on the Settings icon and then General Settings. Save a change to any setting in this area. (You can simply toggle a setting off, Save, then toggle it back on and Save again.)
  2. Click on the Manage icon and Manage a domain to impersonate the Domain Admin. 
  3. In the Accounts section, open a user's configuration options. 
  4. On the Account card, you should now find a blue Show Password button. 
Keep in mind that it's important that the SmarterMail service is stopped before making the change to the mailConfig.xml file and you must save a setting in the System Admin settings in order for this option to appear. Without doing those two things, you may not see the Show Password option, even after changing the value to True.
Let me know if you have any questions or trouble! 
Andrea Rogers 
Communications Specialist 
SmarterTools Inc. 
(877) 357-6278
All is working now thanks.
It is unfortunate that the password option will no longer exist.
My users do not know their passwords on an average since they use Outlook
and not the Web interface which makes for some serious problems w/o the password option.
I guess I will need to start looking for a replacement by the time I need to go to release 17.x
I need for my costumers this function to be enabled.
I also need to start looking for a replacement if you disable in v17.
I will also need to find another solution if you remove this option :(
I won't go so far as to say I will definitely switch if this option goes away, but it will certainly make my life much more difficult.  Most of my customers host with me BECAUSE I can do things like look up their passwords and help with things like that.
Ok I realize the stance ST is taking with this approach for better security, etc. I applaud that, but in my case and prior comments in this thread are that users will forget their password. It's a given and it's going to happen. The biggest issue we deal with on the support side is when a user gets a new phone or a tablet, they need their password because they forgot it. So if we no longer have the ability to even enable this feature if we want it, then resetting a password for a user means we will have to set that new password up on numerous devices (phone, tablet, computer, etc.). So a 2 minute call now takes 5-10 times longer than it should. I get at least 10 calls a week for users that bought a new phone, computer, etc. and they need to know what their password is.
As a server administrator, our company only gives server admin access to a limited amount of people in our office. So why not either (A) give us the option like what v16 has, or (B) some utility we can run on the local server to get a password list for a given user or a full list.
Just my 2 cents for what it's worth.
As stated before, I hate the idea of not being able to see passwords. However, the "quick fix" here is to NOT allow users to change their passwords, and for the email admin to keep a list of all passwords in (hopefully) a secure, protected file/location. In the long run, this will have the same result, but, of course, is quite a security risk in itself. And it certainly removes any potential liability on the part of ST. I have clients right now with corporate gmail, who either keep such a list or request that I do(!).
All that said, the UI in v17 will be a much bigger issue, especially if support is ended for v15.
It would really be less of an issue if there was the ability to set a new permanent password on the user easily.  As it stands now, if someone forgets their password and wants me to set a new one, I have to login as admin, set a temporary password, copy it, log out as admin, log in as them with the temporary password, go to change password, enter the temporary password again and enter the new permanent password twice.  This is especially annoying from a phone or tablet.
The line in the .XML file named here above doesn't exist. What now? was this removed from 16 already?
VERY, VERY disappointed with this feature getting removed!!! Please reconsider!! I use this for a small 4-person company and a couple personal sites. This was a great feature I used, if you won't allow this any more I will need try to manage a changeable password list and this is less safe!!
Can you explain how "Impersonate User" by the admin who cant be trusted is less of a security breach? If you don't want to allow us to see passwords you should take out the admins ability to "Impersonate users", "Change password"
Kendra Support
Junk Email filtered ISP

Reply to Thread