Hi all, I have a situation whereby there are a large number of PCs in an organisation logged in as generic users. Multiple people use these PCs to access webmail etc. I have FIM 2010 (r1) set up for SSPP but can users register themselves whilst logged in at a PC with a generic login without having to log in themselves? Many thanks, Martin Martin

Thanks Chris, this would make sense to me. So basically on the Sharepoint site for \IdentityManagement we need to set this up to not pass credentials and always prompt! This sounds good but as a SharePointnaphobe i am not so hot on making this change, any advice on where to make this change please anyone? Thanks again. Martin

I'm not using FIM SSPR, but based on my understanding you would not be able to use the FIM client extension to prompt them on login (obviously) but the web portal registration might be made to work in your scenario. You would have to set the client's IE browser not to automatically flow the credentials, but rather to "always prompt" for the security zone the FIM password portal fell into. I would think that would work, but you'd have to test it obviously. And there'd be no way for you to force users to register their reset information on login since they aren't actually logging in. The concern I always have with users registering for SSPR or anything like that while logged in as someone else's account, or a generic account, is the possibilty of them registering someone else's reset data for them, mistakenly or otherwise. As long as they are prompted to re-enter their password before continuing it shouldn't be a security issue, but it could be a hassle to the end user or a potential account-lockout situation. Perhaps someone else can give you a more authoritative answer. Chris

Thanks Chris, this would make sense to me. So basically on the Sharepoint site for \IdentityManagement we need to set this up to not pass credentials and always prompt! This sounds good but as a SharePointnaphobe i am not so hot on making this change, any advice on where to make this change please anyone? Thanks again. Martin

To update this i have found the following, credentials are passed by Internet Explorer so i can turn this setting off here: Specify the Intranet Zone for Vista/IE7 and the Trusted Sites zone for XPPro/IE66. In IE go to Tools on the menu line; Select Internet Options; Select Security for the zone in which your WSS site is in. Click on Custom Level; scroll down to the end, there's a User Authentication/Logon section; change "Automatic logon with current name and password" to "Always prompt for username and Password" So once you close ALL IE windows open it will then log the user out! Martin