Implements IVillage - Thursday, August 17, 2006
It takes a village to keep up with .Net
 
 Thursday, August 17, 2006

Joe Healy presented a great overview on Microsoft's Atlas framework.  The turnout was excellent with at least a dozen in attendance.  Afterwards we adjourned back to the lounge bar at the Imperial Inn for an impromptu Pub Club.  Looking forward to Jonathan Goodyear at the next meeting!

Thursday, August 17, 2006 8:38:31 PM (Eastern Daylight Time, UTC-04:00)

I recently helped a co-worker solve a problem with SharePoint and user account password expiration.  The SharePoint site in question uses local accounts to give access to SharePoint.  These accounts are only used for SharePoint access and will never have anything to do with Exchange or logging into a desktop.  Company security policy requires 90-day password changes and also requires the initial password to be changed immediately.

 

The problem arises when one of these SharePoint users logs in to the site with ‘User Must Change Password at Next Logon’ checked on their local account (or when the password has expired).  The user can successfully enter their ID and password, but they aren’t allowed into the site because they must change their password.  Since they are authenticating through IIS to SharePoint, there are no facilities out of the box to notify them of the ‘must change password’ condition.  With a few simple steps, you can provide this functionality to the user.

 

There is a big CAVEAT EMPTOR here!  These steps will provide a web-based password change mechanism to your users.  These steps will also provide a password change mechanism to those who are not your users.  This public password change page exposes you to a DoS attack against your accounts.  If I know the name of one of your accounts, I can go to this page and issue multiple bad passwords in an attempt to change the password.  This will trigger an account lockout (assuming you have enabled account lockout) which will prevent the real user from accessing SharePoint.

 

OK. To set up the password change feature, you have to do the following:

 

  1. For the SharePoint site, add a new virtual directory to IIS6 (e.g. named "iisadmpwd") and point it to "c:\windows\system32\inetsrv\iisadmpwd".  Ensure it has Read and Run Script permissions. Make sure that anonymous access authentication is enabled for the IISADMPWD virtual directory.
  2. Exclude this directory in the "Managed Paths" section of the SharePoint site.
  3. Set the PasswordChangeFlags value for the website to 0 in the IIS metabase. To set the PasswordChangeFlags value in the metabase, launch a command prompt and change to the Inetpub\Adminscripts folder. Type the following command:

    adsutil.vbs set w3svc/1/PasswordChangeFlags value

    where value is one of the following values 

    Value Description
    0       Password changing requires SSL. 
    1       Password changing is permitted on non-secure ports. 
    2       Password changing is disabled. 
    4       Advance notification of password expiration is disabled. 

    and w3svc/1 is the default Web site. You’ll need to replace the 1 with the ID number of the SharePoint site.

    The following sample command shows how to change the metabase
    PasswordChangeFlags setting to 0: 

    adsutil.vbs set w3svc/1/passwordchangeflags 0
  4. Next, we need to tell IIS that we want it to pre-notify people when their password is about to expire.  This is optional.  To do this, we simply make another metabase entry:

    adsutil.vbs set w3svc/1/PasswordExpirePreNotifyDays 4

    where the value is the number of days before expiration at which they start getting reminded. Again, w3svc/1 is the default Web site; you’ll need to replace the 1 with the ID number of the SharePoint site.

 

At this point you should be ready to go.  If you have any problems, there is a good Microsoft Knowledge Base article at http://support.microsoft.com/kb/833734/ on troubleshooting.

 

The password change functionality in IIS uses a number of pages in the IISADMPWD directory.  Here is a brief explanation of which is which:

 

/iisadmpwd/achg.asp: This page does the actual password change work.

/iisadmpwd/aexp.asp: This page displays the password change form for a user whose password has expired. Make sure that you type the account name in the "domain\username" format.

 

/iisadmpwd/aexp3.asp: This page displays the password change form when SSL is not used.

 

/iisadmpwd/anot.asp: This page appears when a user's password expires earlier than the number of days that are specified in the PasswordExpirePreNotifyDays entry.

 

/iisadmpwd/anot3.asp: This page appears if a user's password expires earlier than the number of days that are specified in the PasswordExpirePreNotifyDays entry when SSL is not used.
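
The lockout risk described in the caveat above can be watched for in the site's IIS logs by counting submissions to achg.asp per client address. This is an added example, not part of the original post: it assumes W3C extended logging with the c-ip, cs-method and cs-uri-stem fields enabled, that password changes arrive as POST requests to achg.asp, and a hypothetical threshold of 5 requests in 10 minutes; the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an IIS 6 W3C extended log (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2006-08-17 14:00:01 192.0.2.10 GET /iisadmpwd/aexp.asp 200
2006-08-17 14:00:05 192.0.2.10 POST /iisadmpwd/achg.asp 200
2006-08-17 14:01:00 203.0.113.7 POST /iisadmpwd/achg.asp 200
2006-08-17 14:01:02 203.0.113.7 POST /iisadmpwd/achg.asp 200
2006-08-17 14:01:04 203.0.113.7 POST /IISADMPWD/achg.asp 200
2006-08-17 14:01:06 203.0.113.7 POST /iisadmpwd/achg.asp 200
2006-08-17 14:01:08 203.0.113.7 POST /iisadmpwd/achg.asp 200
2006-08-17 14:30:00 198.51.100.4 GET /default.aspx 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):      # skip truncated lines
                yield dict(zip(fields, values))

def flag_password_change_bursts(text, path="/iisadmpwd/achg.asp",
                                threshold=5, window=timedelta(minutes=10)):
    """Return {client_ip: count} for IPs with >= threshold POSTs in any window."""
    hits = defaultdict(list)
    for rec in parse_w3c(text):
        # IIS paths are case-insensitive, so compare the lower-cased stem.
        if rec.get("cs-method") == "POST" and rec.get("cs-uri-stem", "").lower() == path:
            ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            hits[rec["c-ip"]].append(ts)
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:    # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged

if __name__ == "__main__":
    for ip, n in flag_password_change_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {n} password-change POSTs inside the window")
```

IIS logs do not record the POST body, so the targeted account name is not visible here; the per-address request count is the signal, and the threshold should sit below the account lockout threshold in use.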

 

Thursday, August 17, 2006 8:33:36 PM (Eastern Daylight Time, UTC-04:00)
 Sunday, August 06, 2006

Since I set up a Media Center PC in my home, I have been frustrated with the lack of interface for other PCs on the LAN.  I can obviously access the shares but there is really no good streaming interface.  I have seen plenty of solutions if I own an XBox or wanted to purchase another little blue box from Linksys/Cisco.  I finally came across Orb.  After an hour of setup and a little difficulty with MeeVee which resolved itself, I was up and running.  The Orb software that runs on your media PC just makes use of your tuner and any directories with movies or audio files.  It sends a catalog of your files and TV stations to Orb which you can browse from their web site with your login.  If you set up port forwarding on your PC, the Orb component installed on the Media PC will stream it out to you wherever you are.  My whole library and tuner is now available wherever I go... simply awesome.  There are also some other possibilities with giving logins to family and friends to view family photos and videos.

Monday, August 07, 2006 1:39:50 AM (Eastern Daylight Time, UTC-04:00)
 Thursday, August 03, 2006

So I signed up for BizTalk Server 2006 training with Dunn Training at the end of August.  I am somewhat familiar with the concepts behind BizTalk but have never really touched it.  Since we are currently using BizTalk 2004 in-house (upgrading to 2006 shortly), I wanted to familiarize myself.  I poked around the BizTalk developer center and found the BizTalk Virtual Labs.  This is the first time I tried these and found it to be a great introduction.  Microsoft actually hosts a Virtual PC they preconfigure for the lab that you access over the internet.  The development environment is loaded and so is BizTalk.  You just log on, run a script and follow the lab.  When I get some free time, I want to browse the rest of the Virtual Labs.

Thursday, August 03, 2006 9:32:53 PM (Eastern Daylight Time, UTC-04:00)

When I decided to start a blog, I looked around at what other people were doing.  I visited the community sites like Blogger and TypePad but always had it in the back of my mind to host my own.  Since I wanted my own domain and already had a shared hosting site, I settled on DasBlog.  Since it is file based, I didn't have to mess with SQL.  Just dropped the files in and modified some configs and it worked like a charm.  Within a few hours, I had modified the template to do a few things the way I wanted.  The documentation had a direct answer for every question I had and was clear enough to allow me to execute the mod in short order.

Anyone interested in DasBlog will be happy to know that version 1.9 is coming soon!

Thursday, August 03, 2006 3:59:24 PM (Eastern Daylight Time, UTC-04:00)
 Wednesday, August 02, 2006

When: Wednesday, August 16, 2006 at 6:00 PM

Who: Joe Healy, our local Microsoft evangelist (http://www.devfish.net/), will be giving a demo on Atlas (http://atlas.asp.net/). "Atlas" is a free framework for building a new generation of richer, more interactive, highly personalized cross-browser web applications.

What: Microsoft Atlas Framework

Where: Space Coast Credit Union Headquarters

8045 N. Wickham Road Melbourne, Florida 32940


Unlike MSDN events and big conferences this will be a local event with lots of opportunities to ask questions and get down to business. Additionally, many of the attendees are employed by companies in the area and provide a great opportunity for professional networking.

See the Space Coast .Net User Group website for more information.

Wednesday, August 02, 2006 10:03:55 PM (Eastern Daylight Time, UTC-04:00)
Copyright © 2010 Christian M Loris. All rights reserved.