Microsoft Online's Password Change Policy pt. 2

MSOL Exchange Hosted No Responses »
Apr 112011

Well, it’s been ten months since my last post on this topic.  I believe if my site was The Consumerist, their response would fall into the ‘Taking it Seriously’ category.  For those of you interested in this topic, the  transcripts are below. (edited for the removal of sensitive or redundant information. Emphasis (bold) is mine.) If you’re not interested in the topic, skip this post if you know what’s good for you because I’m posting customer service correspondence. There will be a captioned cat at the bottom, so this post has THAT going for it.

Short version: If you’re logged into more than one computer with their Single Sign On (SSO) tool and you change your password at one of those computers the other SSO tool stays signed in, stops working, and offers no notification that this has happened. Outlook just shows you this lovely popup that explains everything very eloquently.

Me:
As I have been with this service for a while, we’ve had a chance to experience the password change cycle, and would like to ask for a change in function for the process.

I allowed my password to expire to experience how often the user would be notified, and how they would be notified. I tested on XP and Win7 desktops, which performed pretty much the same in this task. I received a systray notification about once per day telling me my password was expiring.

When my password expired, I did NOT get a ‘Hey, you’re expired now’ popup. Email just stops working when it expires. Outlook displays ‘Need Password’ in the bottom right, and you will get the credential popup from Outlook. The former is easy to miss, and the latter is VERY confusing in appearance to a user since the server name is nearly unidentifiable to them. Many people think they are now supposed to log into that popup box in Outlook, and never look at the Sign-In tool again!

Worst of all, the Sign In tool box still shows you as being signed in (solid blue, no red x)! We have trained our users that a solid blue Sign in tool means they are properly signed in. This behavior also occurs if a user changes their password at home, then arrives to work and wonders why their email isn’t working despite the sign-in tool saying they are signed in.

I would like to request that the sign in tool does a better job of checking its current credentials, and that its icon change in a way that notifies the user that they are no longer properly signed in. Also, either a systray popup notifying them that their password has expired/changed, OR disabling the Sign-In tool’s Auto-minimize feature when the password is expired (since many users seem to just click systray balloons away)
Thank you for your consideration.

MSOL:
We take the issue very seriously and understand the inconvenience. However, at this time the design of the system is to warn users only when their password is about to expire. Single Sign On will stay signed in even after the password expires, until the user signs off. Once the user signs off, it will prompt them to change their password. I do understand the inconvenience with programs like Outlook that constantly check for credentials every time it query’s the server.

I see that this issue has been submitted to the Development Team and is being considered for a future release of the BPOS Service. It may have an improvement when Office 365 is released later this year.

Me:
I recognize what you said in your previous communication: “However, at this time the design of the system is to warn users only when their password is about to expire.” I hope it IS being strongly considered for a change in behavior. A SSO tool that doesn’t track the user’s current authentication status across multiple machines is lacking in my opinion. Part of the utility in your service is the ease with which we can set users up with their work email at a desktop at work, a laptop, and their home computer. This advantage becomes a headache as soon as a user changes their password at one of these locations, and the other locations fail to automatically notice they are no longer authenticated.

Take the Google Talk application as an example. I have it installed on three machines. If I change my password for Gmail at any location, when I log into another location I’m nearly immediately shown a prompt to enter my current password. This is the kind of behavior I’d expect from a SSO tool.

MSOL:
Thank you for your response. We greatly appreciate feedback with issues like this from our customers, as it helps us tailor the product into a more user friendly, streamlined product. I apologize that we do not have an immediate fix for you, but it is being strongly considered for future updates and versions, including Office 365.

Well, if you made it this far, you’re either very interested or you fell asleep and your nose is on the Down arrow key. I promised a captioned cat picture, and I’m following through dammit!

This information about the Sign in tool is true as of v 1.0.1427.040.

Posted by CplShoe at 07:00 Tagged with: , , , , ,

Cannot insert PDF objects into a PowerPoint file.

How-To 3 Responses »
Apr 072011

This one had me chewing my teeth for a few days, but it looks like it’s been worked out.  The issue is that a user will try to insert a PDF into a PowerPoint file (any version 2003/2007/2010), and they receive the following error:

The Server Application, source file, or item cannot be found, or returned an unknown error. You may need to reinstall the server application.

PDF to PPTX Error

You can try to insert via Insert Tab—>Object—>Adobe Acrobat PDF or dragging and dropping the PDF directly into the PowerPoint file.  The fix for this I found after posting to the Adobe forums. Disable Protected mode if you are running Adobe Reader X. (this is accurate as of v 10.0.1)

Disable protected mode manually by choosing Edit > Preferences > General tab and deselecting Enable Protected Mode. The fix wasn’t immediate for me oddly enough.  It made the “Create New” button work for inserting, but not “Create From File”.  This behavior ended after a day, perhaps a reboot is in order after changing the setting.  Either way, it worked!

Let me know if you’ve had a different experience. More importantly, update the Adobe forum threads discussing this if you have additional info to add.

Posted by CplShoe at 11:48 Tagged with: , , , ,

Outlook 2007 "The Operation Failed"

How-To, Windows 7 3 Responses »
Jan 272011

The Operation Failed: Outlook 2007

So, I had a lot of fun troubleshooting this one. The user has a new HP ProBook laptop running Windows 7 and Office 2007. The symptom is that they can not consistently send an email with more than one addressee. When the user sends an email with more than one address, as soon as they hit Send, they receive the error “The operation failed.” This symptom persists on both email accounts associated with the Outlook profile. (A POP3 and an Exchange account)

Searching on this error, I found many variations to its cause, and a lot of proposed solutions. What worked for me, was uninstalling the entire HP ProtectTools suite, and then performing a Repair operation on Office from Add/Remove Programs. I think that approach might be a bit heavy handed, but I was short on time at the moment, and the suite was only interfering with the user’s work, not augmenting it.

If I have the opportunity to work on this again, I’m going to start with HP’s Privacy Manager that hooks into Outlook and installs a toolbar.  Many of the posts I read seemed to have the common theme of killing a third party application that was trying to augment Outlook. If you have this problem, and come across a more elegant solution than nuking HP ProtectTools from orbit, let me know!

Posted by Admin at 10:54 Tagged with: , , , , , ,

Random MAC address tip!

How-To 1 Response »
Aug 112010

I recently had cause to need the MAC address of a Windows XP machine on my network that was logged into by another user, so I couldn’t do my usual laborious Remote Desktop—> CMD —> Ipconfig /all.  That’s right. I had to learn how to get it the easy way, and I thought I’d share it with the class.

It involves using the ARP (Address Resolution Protocol) command, which I’m dreadfully unfamiliar with. If you open a command shell and just type ARP, the results aren’t all that fascinating. I get the IP and MAC addresses for my internal DNS servers, and my gateway.

Now, ping the computer you need the MAC for.  You can ping it by name, or by IP. Do ARP –a, and the same servers are listed, but in addition you get the server you just pinged in the list. Handy! Depending on your recent network activities, multiple computers besides the ones I specified may be included in this list.

Thanks to ‘UberGeek316’ for the tip!

Posted by CplShoe at 11:03 Tagged with: , , , , , , , ,

Microsoft Online's Password Change Policy

Just BS, MSOL Exchange Hosted 1 Response »
May 262010

This is a point of some mild irritation for me. First, I’ll explain what is installed on your computer, and their password requirements.

When you use the MSOL service, you install their Sign In tool. This tool’s purpose is to manage the various applications you have available to you as part of their BPOS suite, and to log you in automatically. It’s very similar to something like the Google Talk client when you remove the “Talk” part of the client’s function. It logs you in, and provides updates to your online service.

Next, is their password requirements:

- At least 7 characters.  [No arguments here.]

- A combination of Upper and Lower case letters. [yay!]

- At least one number or symbol. [Perfect. More secure than my bank which actually disallows symbols]

- Cannot change your password more than once in 24 hours. [Eh?  I know this is to defeat people who change their passwords multiple times to get back around to their original password. But read the next bullet...]

- Cannot re-use your previous 25 passwords. [TWENTY FIVE??? With the previous bullet item in effect, this rule effectively just tracks your ability to track your progress through 25 combinations of Password01 through Password25. This adds nothing but trouble for IT who has to explain why their email password is impossible to remember. My prediction: Everyone in the company has a Post-It note stuck to their monitor with a number between 1 and 25 written on it... If we're lucky.  In reality, it'll probably be the whole password.

I thought I'd take some time and add a few more helpful rules.

- You may not use any letter or number that you used in your previous eleven password changes.
- Submit your identity for a background check and home inspection so we can be sure you're not using a family member/pet name or birthday.
- Hold the laser in your mouse up to your eye for a retina scan

Ok, I'm feeling a little better. Moving on to a new complaint. We all know how users can be about changing their passwords.  They wait until the very last day, often only changing it when Windows refuses to let them log into their computers without doing so.  (I certainly do this with my domain login.) With the Sign In tool, you receive daily notification at about two weeks out that your password is expiring. No problem there. My problem lies in what happens when your passwords DO expire.

  1. Your email just stops sending/receiving.
  2. The icon in your system tray that reports that you are signed in still says you are signed in, and never provides a popup letting you know your password has expired.
  3. Outlook throws the following helpful box up at you:

Ah, good old RED001.local.  Users know what to do with that, don’t they?  Don’t get me wrong here, users had to ignore 10-20 notifications that this day was coming in order to get here, but that is what users do. Software needs to be tolerant of this. I have a request in with Microsoft to improve how their tool works and I’ll update this when I get their response.

Posted by CplShoe at 12:16 Tagged with: , , , , ,

Open commenting!

Just BS No Responses »
Apr 222010

I’ve made commenting open to anonymous commenters if you care to leave your thoughts. (who the hell is going to make an account on MY sad little chunk of real estate anyways?) I’m going to try various CAPTCHAs, and see how well they do. I came across this first one, Resisty on HACK A DAY. It’s neat in concept, but I’m not sure it will work well with my dark background.  I had to update the explanation text around it to make it more clear how the CAPCHA works.  Maybe that’s all the proof I needed? :)

Posted by CplShoe at 17:51 Tagged with:

Input Error: There is no script engine for file extension “.js”.

How-To 7 Responses »
Apr 142010

Associating Javascript in Command ShellI ran across this error a few days ago while setting up a PHP server on my Windows XP Pro SP3 box for testing purposes.  As part of this setup, a script needs to be run that associates the .php extension with php-cgi.exe. Here is the script:

cscript %windir%\system32\inetsrv\fcgiconfig.js -add -section:"PHP" ^
-extension:php -path:"C:\PHP\php-cgi.exe"

The problem, is that when I tried to run the script, I got the error: Input Error: There is no script engine for file extension “.js”. It took me quite a bit of searching before I found the fix that worked for me on this IBM forum. Hopefully, if you’re facing this issue, you find my article before the 100 other articles talking about the 99 other fixes that didn’t work for me. :) Continue reading »

Posted by CplShoe at 17:11 Tagged with: , , , , , ,

CSS Math! (How to figure out CSS selector priority)

How-To, HTML and CSS 1 Response »
Apr 062010

specificitywars Today, I ran into a problem with some CSS code I was modifying.  I was making what I thought was a simple change, but the change refused to show up when I refreshed.  Changing the declaration type from a class to an ID, and stripping out some HTML selectors made the problem go away, but I knew that wasn’t the right thing to do.  That’s when I ran across this article at hungred.com.

Selector Order Priority

I knew CSS favored more specific over less specific.  However, I mixed up what that meant. I thought more specific was just to have MORE information pointing at the item in question. It’s not quite so simple. Compare the following two samples:

<style>
p .bordered {
border: 1px black solid;
}
.bordered {
border:	5px red dotted;
}
</style>
<div>
	<p class="bordered">Bordered?</p>
</div>
<style>
p.bordered {
border: 1px black solid;
}
.bordered {
border:	5px red dotted;
}
</style>
<div>
	<p class="bordered">Bordered?</p>
</div>

Continue reading »

Posted by CplShoe at 21:43 Tagged with: , , , , , ,

Enabling new regional themes in Windows 7

How-To, Just BS, Windows 7 No Responses »
Mar 292010

Win7ThemeDir Did you know that Windows 7 shipped with at least four regional themes that you can’t see by default? Me either until this week!  It’s pretty simple to install each one, you’ll be done in seconds.

Paste each of the following lines into the address bar of a windows explorer window, and hit enter. (see pic to the left for clarification) Once you are inside the folder, double click the XX.theme file in there to install it. If you browse the folders manually instead of using these links, you will need to disable hidden files and folders.

%windir%\Globalization\MCT\MCT-AU\Theme
%windir%\Globalization\MCT\MCT-CA\Theme
%windir%\Globalization\MCT\MCT-GB\Theme
%windir%\Globalization\MCT\MCT-US\Theme
%windir%\Globalization\MCT\MCT-ZA\Theme

I’ve also seen that some of the following country themes exist, though I don’t have access to them on a US licensed version of Home Premium. If you want to see everything you have available, just browse back to the MCT folder, and see what’s in there!

%windir%\Globalization\MCT\MCT-DE\Theme
%windir%\Globalization\MCT\MCT-JP\Theme

Each time you double click a theme file it will open your personalization control panel, so you may as well leave it open until you’re done. Once all your themes are installed, enjoy all of your new choices!

SATheme

Posted by CplShoe at 05:11 Tagged with: , ,

Windows 7 sleeps like a newborn... It wakes up every few hours.

Just BS, Windows 7 No Responses »
Mar 272010

It wakes up whenever it feels like it, and offers me no answers on why.  When checking the event viewer, I see the following entry:

The system has resumed from sleep.
Sleep Time: ‎2010‎-‎03‎-‎27T06:09:43.164534500Z
Wake Time: ‎2010‎-‎03‎-‎27T10:03:03.591291200Z
Wake Source: Unknown

Continue reading »

Posted by CplShoe at 16:23
Older Entries
© 2012 Network Night at Cpl-Shoe.com Suffusion WordPress theme by Sayontan Sinha