1. Introduction

BoostSolutions Password Reset is a simple yet highly-featured web part that lets users reset their password right on their SharePoint page without having to contact IT or administrator. Resetting a password can be done right on the web part or through an email confirmation.

Please note: anonymous access must be activated to use Password Reset web part.(See the best practice)

2. Create and Set Up Password Reset for a Domain

Go to Central Administration > BoostSolutions Software Management > Password Reset Settings

Setup SharePoint Password Reset web part for domain.

Once on Password Reset page, click “Create new password reset setting”

SharePoint Password Reset setting is created.

There are two kinds of Authentication Types – Windows Authentication and Form Based Authentication.

SharePoint Password Reset web part supports two types of authentication.

2.1. Setting up Windows Authentication

Setting up Windows Authentication Password Reset is quite simple and easy to understand. If all information is set up properly, you may Test the connection and see that it will confirm that it is valid. (See below)

Windows authentication for SharePoint Password Reset.

However, if information is not correct, an error message will prompt you when you click the Test button.

SharePoint Password Reset tests authentication

2.1.1. Security Questions

Security question for SharePoint Password Reset web part.

Refer to the figure above as each function in the Security Questions tab is explained:

1. Enable Security Questions – checking this box means that resetting password involves answering security question(s).

2. Basic Setting – indicate the maximum number of security question(s) user could define. Maximum number of security question allowed is 3. A prompt would appear if you’ve exceeded the maximum number of security questions allowed.

SharePoint Password Reset basic settings

3. Password Receive Type – users would receive their password reset code via email or straight on the web part.

4. Custom Security Questions – besides the default security questions you set that users can use from; ticking the box means users can formulate their own password reset security question.

2.1.2. Email Settings

SharePoint Password Reset email settings for password deliver.

1. Reset Password via E-mail – ticking this box lets the user choose to reset his password via an email that contains a confirm link to reset his password.

2. Alternative Email – enabling this feature let users input their alternative email just in case the default email is also locked out. Administrator may choose to force the user to input an alternative email where the password reset details would be sent to.

2.2. Setting up Form Based Authentication

Password Reset also can reset the password of users in form authentication (Based on SQL server), but Password Reset settings depend on the configuration of the form authentication.

On Central Administration > BoostSolutions Software Management > Password Reset Settings

License management of SharePoint Password Reset

ISS management settings for SharePoint Password Reset.

Unlike Windows Authentication, it only supports one (1) security question.

SharePoint Password Reset on ISS only supports one security question.

But other features are same as Windows Authentication settings.

Windows authentication settings of ISS for SharePoint Password Reset.

SharePoint Password Reset web part security question

Alternative email settings for SharePoint Password settings

3. Basic Uses of Password Reset

Sample Scenario: Administrator has already set up the Password Reset, so users need to set up their Password Reset settings.

3.1. Setting up Password Reset

A user may set his/her Password Reset settings on the Account Settings:

SharePoint Password Reset for end users.

If a user has not yet set up his/her Password Reset settings, there’s a popup on the corner right hand side of their web page constantly reminding the user to set his Password Reset preferences.

SharePoint Password Reset notification.

Click the Manage Password Reset Settings, and we will be directed to My Password Reset Settings page.

Reset SharePoint Password by inserting current password, answering security question.

1. User must confirm his identity by typing in his/her password. Password is compulsory or else it will not confirm your settings.

2. Depending on the administrator’s settings, the user may choose to set up his/her own security question, otherwise the user must choose from the dropdown menu of available preset security questions.

3. Also depending on the administrator’s settings, an alternative email may be set up in case the AD email is also locked out.

Click OK to confirm everything and My Password Reset settings is saved.

3.2. Resetting Password

Sample Scenario: User jane is locked out of her computer. Assuming she has properly set up her Password Reset; here, we would show how to retrieve her password through BoostSolutions Password Reset.

A Password Reset web part is available on the home page. On the web part, Jane must input her domain and username.

SharePoint Password Reset web part requires users name and domain.

A prompt would ask Jane if she wants her password reset via a Security Question or via Email Address.

SharePoint Password Reset offers two ways to reset password.

a) Let us test out the Via Security Question first. Upon clicking the radio button, a prompt would ask Jane to answer the security question she has previously set up.

Reset SharePoint Password via answering security question.

If her answer is correct she answers the security question and click Next, a new password will be displayed and will prompt the user to sign in with the new password.

New SharePoint password after resetting password.

b) On the other hand, we will also show you how the via Email Address works.

Reset SharePoint Password via end user’s email.

After clicking the Via Email Address radio button, it will prompt you to confirm that the password reset be sent to your email, click Next and the new password will be sent to your email.

Email used to reset SharePoint password.

It is important that you set up the Password Reset SMTP settings to make sure you are able to send emails with the new password.

4. The Best Practice to Use the Password Reset

Note:The environment in this example is based on Windows Server 2008 R2, SharePoint 2010, IIS 7.5 and BoostSolutions Password Reset 1.3.

4.1. Problem

Password Reset Web Part is designed to reset password if users forgot their password or their password are expired. But in general, users who don't know the password cannot login the SharePoint site even though the Password Reset web part is added in a SharePoint page. The big challenge is that the SharePoint web sites don't allow anonymous access by default.

anonymous cannot access site by default

4.2. SharePoint Anonymous Access

Note:We didn't configure following settings automatically in our product because it will change the security settings. Please make sure you understand the meaning of following operation.

In order to access the web page for the users which don't know their password, you have to enable the SharePoint anonymous access, and by default it is closed for security reason. SharePoint supports anonymous access control in different level. And Farm administrator, site administrator and list administrator could decide if enable the anonymous access in the web application, site and list level. And you can only make the anonymous user access the Password Reset page to protect your data which stored in the SharePoint.

4.3. Make the BoostSolutions Password Reset Accessiable

4.3.1. Configure the SharePoint Anonymous Access

1. Enter the Web Application Management page through SharePoint 2010 Central Administration ->Application Management ->Manage web applications.

Choose and set the web application

2. Click the web application which needs the password reset in the web application list and click the Authentication Providers ribbon button to enter the Authentication Providers setting page.

Choose and set the web application

3. Click the Zone which the password reset will work in (In general, it's the Default) and enter the Edit Authentication page.

4. Check the checkbox in the Enable anonymous access to enable it. And logout from the SharePoint 2010 Central Administration.

Enable anonymous access

5. Enter the SharePoint site which need the password reset, and enter the permission setting page via Site Actions -> Site Permissions menu.

Set anonymous access permission

6. Click the Anonymous Access ribbon button to open the anonymous access settings.

7. Check the Lists and Libraries options and click OK.
The Entire Web site options means all lists and items could be accessed by the anonymous users in this SharePoint site.
And the Lists and Libraries options means the anonymous usercannot access the data in list or libraries unless it is configured in lists (libraries).

Limits the anonymous access parts

4.3.2. BoostSolutions Password Reset Page

BoostSolutions Password Reset supplies a special page in the product folder, which contains a password reset. You can access the page through http://<siteurl>/_layouts/SharePointBoost.PasswordReset.PL/AnonymousWebpartPage.aspx

BoostSolutions Password Reset Page

You can send this link to your users when they need to reset password or use following step to configure the 401 redirect.

BoostSolutions default Password Reset page only contains the Password Reset control to reset password. It maybe cannot fit you SharePoint theme. It's written by the standard aspx Page and you can customize it though any editor.

Besides, you can also add our Password Reset Web Part to a custom Web Part page, and enable anonymous access for this page. You can use this page as your password reset page.

4.3.3. Use the 401 Error Page to Redirect Automatically (optional)

If you configure the 401 redirect settings in the web.config file in a site, users which login failed will be redirected to the password reset page automatically.

1. Run the IIS Manager via Start ->Administrative Tools ->Internet Information Services (IIS) Manager Right click the site (It maps to a SharePoint Web Application) in the site tree and click Explore to open root folder of this site.

Configure password reset redirect

2. Create a loginfailed.html in this folder and add a link to the password reset page. (click here to download ).

3. Use any xml editor or text editor to open the web.config file. (Before doing this, you'd better make a copy for it).

4. Use the search tool to find the httpErrors node. And change it as following image. You can replace the path to any web page you want to redirect to.

Set the path to password reset page

5. Save the web.config file and close the editor.

6. Login in to your SharePoint site
Enter a wrong password when the web browser prompt you log in and click OK, the web browsers will give you another login prompt again because you login failed. And then click Cancel, the web browsers will show the loginfailed.html.

Reset forgotten or expired password

7. You need to repeat the step 1 – 7in each WFE (Web Front End) server and Application server.

Real Time Web Analytics