Microsoft Office Tutorials and References
In Depth Information
In the Account Registration section are the service account credentials fields, one for the
username and one for the password.
The username field requires a domain\username (or if it’s a local computer account
computername\username ) syntax.
You might notice that automatic password management is optional. In other words, you can
add a registered account name and password and then not let SharePoint do anything with the
account in terms of password changes. That may be because most SharePoint services won’t
even accept an account unless it’s a managed account, forcing you to register most service
accounts, whether or not you want SharePoint to manage them. So, it’s only fair that if you don’t
want to buy into SharePoint controlling an account’s password, you shouldn’t have to do so.
However, if you do want SharePoint to play an active part in detecting the state of the
account’s password or changing it, the Automatic Password Change section is for you.
First check the Enable Automatic Password Change check box, and then the other settings in
the section become available.
If a password expiration policy is detected, the first option in the section lets SharePoint
change the account’s password a certain number of days before the password actually expires.
The default is two days, but you can change it.
The second option in the section is to start notifying by email that the password is expiring,
based on a number of days before the expiration is to occur. The default is five days (suppos-
edly giving you a three-day lead before the password is changed by SharePoint). The odd thing
about this setting is that the notification email is apparently supposed to be sent out summary
style; in other words, it can only be sent either weekly or monthly.
I can see where this could cause a problem, because the default notification schedule is five
days before a password is changed, but even a weekly notification can be seven days away,
making the email a little late to do anything about. And I can only imagine sending out the five-day
warning email once a month is even less helpful.
For this reason, I tend to set the warning to be at least eight days, rather than five. Then I set
the notification email for weekly—at least for the first few months, until I am sure that
everything is working fine. Then I might edit the managed account and change the password settings.
HOW DOES IT KNOW WHO TO NOTIFY?
You may have noticed that this page seems to take for granted that it knows where to send these
notification emails you’re scheduling. This is why if you are configuring managed accounts, you also
need to go to Configure Password Change Settings in the General Security subcategory. It is there
that you specify the email address used by SharePoint for password expiration notification.
In this example (as you can see in Figure 11.66), I’m just going to register a test account I
created in AD for this example (dem0tek\testacct), enable a password, and enable automatic
password change. For this example, let’s keep the two-day schedule for changing the
password before expiration. And for the notification, choose eight days and a weekly notification
schedule. Once your settings are complete, click OK. You’ll return to the Managed Accounts
page, where your new account will be listed.
To edit a managed account after it’s been registered, go to the Managed Accounts page
(where you should be if you’ve been following along). Just click the Edit button for the account
(in the Edit column). That will open the Manage Account page; only this time, instead of a
section for you to specify the username and password, there will be a section to change the
password right now (Figure 11.67). There are radio button settings to let SharePoint generate a new