Hey all,
I recently took over as an admin at a telecom retailer with ~50 users. The server runs SBS 2003 and the clients run XP Pro (well, except me…I get 7U). Previously, I was a small business consultant and rarely dealt with servers, so please bear with me if this is a rookie question. For what it’s worth, I scoured the internet looking for an answer to this question before I came here…
Anyway, I’ve spent the past few weeks getting acquainted with the network as the last admin left it. It works, so I can’t complain too much, but there are some pretty glaring errors in some places. For one thing, the login name for the workstations on the sales floors of all 11 stores is the same. In some cases, 20 or more PCs are logged into the domain with the same username at the same time. Additionally, this one-size-fits-all “user” has the same name as the domain. This has caused several headaches and is on the list of things to change, but it is what it is for now. The salespeople are required by the wireless carrier we represent to lock the machines any time they step away from them, and the overly complex password the previous admin assigned to this “user” is a source of much frustration and complaining, so I set out to change it.
At first, I thought I could simply go to AD on my server, select my “user,” and reset the password. I found out the next morning that I was wrong. What happened was the stores went to log on to the activations website for the wireless carrier (which uses a local IE certificate), and received an error message asking them to select a certificate (I don’t have the exact text of the message at this time, but can get it if needed). Even after selecting the certificate, though, IE7 could not access the site. I found out through some quick research that this is a built-in security feature designed to protect the user (KB 331333). The nonsensical part was that it was not affecting all of the stores, though…some had 100% functionality with the new password.
I changed the password back to the original, and then went to the “account” tab in user properties and selected “change password at next login.” I remoted into one of my workstations and went through the password change that way, and it still didn’t work. The password changed successfully, I logged into the workstation successfully, but the website that requires the certificate didn’t work.
I’m at a loss. Like I said, I’m a rookie admin, but this just doesn’t make any sense. Do I just need to re-install the certificate? That can’t be it…what if I implemented a much more aggressive password policy? Would the user have to re-install the certificate every x-amount of time because of a forced password change?
Any help would be appreciated. Thanks!