Does anyone know if there is a way to enforce password changes with External Authentication from IWP connections?

If this is not possible, how about a recommendation on a strategy involving passord changes that would not be so labor intensive from an administrator's perspective?

The Accounts and their passwords are inside the Directory Service, either AD or OD. Whatever changes the security policy for the domain requires/permits will govern this.

It is possible to change a passsword from within a Web browser I suppose, although this does not strike me as a very good idea.

These domain Account passwords should not be allowed to be changed from within FIleMaker Pro as this would be a huge security issue.

Steven

The users are local users belonging to applicable groups with the "log on as a service" user right. I am mainly looking for a way to have the users take ownership of their passwords. Any suggestions?

These are Groups and Accounts on the FileMaker Server at the OS level then? And not AD or OD domain controller Accounts?

Steven

Yes

It might be possible to manipulate them with a web browser or something similar. I need to look into this. It may also not be a good idea to do this.

Steven

If it presents too much of a risk, I am resolved to manage the passwords myself. Please let me know if you think of anything.

I know it's possible to do against the AD, not so sure against local accounts from a remote machine. Either way it has to be done very very carefully so as not to introduce security issues.

The whole point of using EA is to leverage existing security infrastructure. It doesn't sound like that's the case in this scenario which might actually decrease security instead of increase it.

If you want to look into it, check for ASP/VBscript examples that use WMI (Windows Management Instrumentation) to work against local accounts.