Each Active Directory user account has a number of account options that determine security and password settings for logon and authentication.
|User must change password at next logon||Forces a user to change the password the next time the user logs in.|
|User cannot change password||Prevents a user from changing their password.|
|Password never expires||Prevents a user password from expiring.|
|Store passwords using reversible encryption||Determines whether a user's password is stored using reversible encryption.|
|Account is disabled||Prevents a user from logging on with the account.|
|Smart card is required for interactive logon||Requires that a user possess a smart card to log in interactively.|
|Account is trusted for delegation||Allows a service running under the account to perform operations on behalf of other user accounts.|
|Account is sensitive and cannot be delegated||This option can be used if an account cannot be assigned for delegation by another account.|
|Use DES encryption types for this account||Allows restricting users to use only Data Encryption Standard (DES) encryption types for keys.|
|Do not require Kerberos pre-authentication||Provides support for alternate implementations of the Kerberos protocol.|
To modify account options, users must have the rights to modify the following properties of AD user accounts:
In this tutorial, you will learn how to add the permissions necessary to modify user account options to an existing Security Role.
Launch Adaxes Administration Console.
Expand Adaxes service \ Configuration \ Security Roles and select the Security Role you want to modify.
In the Permissions section located to the right, click Add.
In the Add Permissions dialog, do the following:
In the Property-specific permissions list, check the Write Account Options permission in the Allow column.
The Write Account Options permission grants the right to modify all account options, except the following:
To grant the rights to modify the three account options, you also need to add the Write Password Last Set and Write User Cannot Change Password permissions.
Click Save changes.