Step 8: Verify SSPR

Verifying our SSPR implementation consists of the following steps:

  • Register CORP\jsmith using the rich-client.

  • Reset CORP\jsmith’s password from CTRL+ALT+DEL.

  • Register CORP\jsmith in the Password Registration Portal.

  • Reset CORP\jsmith’s password from the Extranet.

  • Log into Outlook Web Access from CLIENT2 to verify the password change worked.

  • Register CORP\jsmith to demonstrate our QA gate constraints.

Register CORP\jsmith using the rich-client.

First, we will demonstrate registering our user John Smith using the rich-client. This will involve logging on to the Password Registration portal and providing answers to our 3 questions.

To register CORP\jsmith in the Password Registration Portal

  1. Log on to CLIENT1.corp.contoso.com as CORP\jsmith.

  2. Because John Smith has not registered yet, Internet Explorer will automatically start and navigate to the password registration page. Enter John Smith’s credentials in the pop-up box and click OK.

  3. On the Password Registration home page click Next.

  4. On the Your Current Password page, enter John Smith’s password in the box and click Next.

  5. On the Register Your Answers page, in the box under What is your mothers middle name? enter Michelle.

  6. On the Register Your Answers page, in the box under What is your fathers middle name? enter Norman.

  7. On the Register Your Answers page, in the box under What is your pets first name? enter Spot.

  8. Click Next.

  9. Click Finish.

  10. Close Internet Explorer.

  11. Log off CLIENT1.

Reset CORP\jsmith’s password from CTRL+ALT+DEL.

Now we will reset CORP\jsmith’s password by using the link that is presented when we go to log on to our client machine.

To reset CORP\jsmith’s password from CTRL+ALT+DEL.

  1. On CLIENT1, hit CTRL+ALT+DEL. This will bring up the login prompt. Click the link that says Forgot your password?

  2. This will bring up a Forefront Identity Manager 2010 R2 Authentication Required window.

  3. On the Authentication Required page, in the box under What is your mothers middle name? enter Michelle.

  4. On the Authentication Required page, in the box under What is your fathers middle name? enter Norman.

  5. On the Authentication Required page, in the box under What is your pets first name? enter Spot.

  6. Click Next.

  7. On the Enter Your New Password screen, in the box under New password enter Pass1word$2

  8. On the Enter Your New Password screen, in the box under Confirm new password enter Pass1word$2

  9. Click Reset. This will tell you that you have successfully reset your password. Click Finish.

Register CORP\jsmith in the Password Registration Portal

Now we will demonstrate registration through the portal. This will involve logging on to the Password Registration portal and providing answers to our 3 questions.

To register CORP\jsmith in the Password Registration Portal

  1. Log on to CLIENT1.corp.contoso.com as CORP\jsmith.

  2. Click Start, select All Programs, and then click Internet Explorer (64-bit).

  3. In the Internet Explorer address bar enter https://passwordregistration.corp.contoso.com and press Enter. Enter John Smith’s credentials when prompted.

  4. On the Password Registration home page click Next.

  5. On the Your Current Password page, enter John Smith’s password in the box and click Next.

  6. On the Register Your Answers page, in the box under What is your mothers middle name? enter Jane.

  7. On the Register Your Answers page, in the box under What is your fathers middle name? enter John.

  8. On the Register Your Answers page, in the box under What is your pets first name? enter Fido.

  9. Click Next.

  10. Click Finish.

  11. Close Internet Explorer.

  12. Log off CLIENT1.

Reset CORP\jsmith’s password from the Extranet

Now we will reset CORP\jsmith’s account from a machine that is not joined to our domain, CLIENT2. CLIENT2 is sitting on the same subnet as our domain and is using the same DHCP server so name resolution for our password reset site will not be an issue.

To reset CORP\jsmith’s password from the Extranet

  1. Log on to CLIENT2 as the default user.

  2. Click Start, select All Programs, and then click Internet Explorer (64-bit).

  3. In the Internet Explorer address bar enter https://passwordreset.corp.contoso.com and press Enter. The site will load, but Internet Explorer will report a problem with the website’s security certificate. This is because CLIENT2, which is not joined to our domain, has no information about whether the CA on DC1 is trusted. This can be ignored. Click Continue to this website (not recommended).

  4. On the Password Reset home page, enter CORP\jsmith and click Next.

  5. On the Submit Your Answers page, in the box under What is your mothers middle name? enter Jane.

  6. On the Submit Your Answers page, in the box under What is your fathers middle name? enter John.

  7. On the Submit Your Answers page, in the box under What is your pets first name? enter Fido.

  8. Click Next.

  9. On the Choose Your New Password screen, in the box under Enter a new password enter Pass1word$3

  10. On the Choose Your New Password screen, in the box under Re-enter the password enter Pass1word$3

  11. Click Next. This will come back and say that the password was successfully changed.

  12. Close Internet Explorer.

Log into Outlook Web Access from CLIENT2 to verify the password change worked.

Now we will log on to Outlook Web Access using the newly changed password.

To log into Outlook Web Access from CLIENT2 to verify the password change worked.

  1. Click Start, select All Programs, and then click Internet Explorer (64-bit).

  2. In the Internet Explorer address bar enter https://ex1.corp.contoso.com/owa and press Enter. The site will load, but Internet Explorer will report a problem with the website’s security certificate. This is because CLIENT2, which is not joined to our domain, has no information about whether the CA on DC1 is trusted. This can be ignored. Click Continue to this website (not recommended).

  3. On the Outlook Web App screen, next to Domain\user enter CORP\jsmith.

  4. On the Outlook Web App screen, next to Password enter Pass1word$2.

  5. Click Sign in. Outlook Web Access should now come up.

  6. Close Internet Explorer.

Register CORP\jsmith to demonstrate our QA gate constraints.

Now we will demonstrate the registration constraints that have been set up on our QA gate. That is, we will show what happens when CORP\jsmith enters the same response for more than one challenge question.

To register CORP\jsmith to demonstrate our QA gate constraints.

  1. Log on to CLIENT1.corp.contoso.com as CORP\jsmith.

  2. Click Start, select All Programs, and then click Internet Explorer (64-bit).

  3. In the Internet Explorer address bar enter https://passwordregistration.corp.contoso.com and press Enter. Enter John Smith’s credentials when prompted.

  4. On the Password Registration home page click Next.

  5. On the Your Current Password page, enter John Smith’s password in the box and click Next.

  6. On the Register Your Answers page, in the box under What is your mothers middle name? enter Mom.

  7. On the Register Your Answers page, in the box under What is your fathers middle name? enter Dad.

  8. On the Register Your Answers page, in the box under What is your pets first name? enter Spot.

    Error 1

  9. Now note that these answers will violate the default setting of ensuring that all answers are at least 4 characters long. Click Next.

  10. Notice we get an error stating that our answers do not comply with policy. Now let’s change our answers.

    Error 2

  11. On the Register Your Answers page, in the box under What is your mothers middle name? enter Jane.

  12. On the Register Your Answers page, in the box under What is your fathers middle name? enter Jane.

  13. On the Register Your Answers page, in the box under What is your pets first name? enter Spot.

  14. Now note that these answers will violate the default setting of ensuring that our answers are not duplicates. Click Next.

  15. Notice we get the same error saying that our answers do not comply. Go ahead and re-register using the correct values from the steps above.

  16. Click Finish.

  17. Close Internet Explorer.

  18. Log off CLIENT1.
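
The two QA gate constraints exercised above (minimum answer length of 4 and no duplicate answers), modelled as an added example that is not FIM code and not part of the original guide. The normalisation step (case folding and whitespace collapsing before comparison) is an assumption of this sketch, included to show how a stricter duplicate check would treat near-identical answers; the NEAR_DUPLICATE set is constructed, the other three come from the steps on this page.

```python
import unicodedata

MIN_ANSWER_LENGTH = 4  # default minimum length described in step 9


def normalise(answer):
    # Assumption of this sketch: fold Unicode forms and case, collapse
    # whitespace, so "Jane", "jane " and "JANE" compare as one answer.
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split())


def check_answers(answers, min_length=MIN_ANSWER_LENGTH):
    """Return a list of policy violations; an empty list means accepted."""
    violations = []
    seen = {}  # normalised answer -> first question that used it
    for question, raw in answers.items():
        value = normalise(raw)
        if len(value) < min_length:
            violations.append(f"too short ({len(value)} < {min_length}): {question}")
        if value in seen:
            violations.append(f"duplicate of '{seen[value]}': {question}")
        else:
            seen[value] = question
    return violations


QUESTIONS = (
    "What is your mothers middle name?",
    "What is your fathers middle name?",
    "What is your pets first name?",
)

# Answer sets from the registration steps on this page.
TOO_SHORT = dict(zip(QUESTIONS, ("Mom", "Dad", "Spot")))
DUPLICATE = dict(zip(QUESTIONS, ("Jane", "Jane", "Spot")))
COMPLIANT = dict(zip(QUESTIONS, ("Jane", "John", "Fido")))
# Constructed variant: second answer differs only by case and a trailing space.
NEAR_DUPLICATE = dict(zip(QUESTIONS, ("Jane", "jane ", "Spot")))

if __name__ == "__main__":
    for name, answers in [("too short", TOO_SHORT), ("duplicate", DUPLICATE),
                          ("compliant", COMPLIANT), ("near duplicate", NEAR_DUPLICATE)]:
        print(f"{name}: {check_answers(answers) or 'accepted'}")
```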