Supported Authentication Providers for Password Reset
Password Reset can be configured to add accounts to the following authentication providers:
- Active Directory Services (Windows)
- NT Directory Services (Windows)
- Forms Based Authentication using the following membership provider:
- SQL Server membership provider
Authentication providers not specifically listed here are not supported with Password Reset.
The Authentication Provider Administrator Account configured in the Authentication Providers settings must have the following minimum permissions to create accounts in Active Directory Services or NT Directory Services:
- The Create User Objects permission for an organizational unit or the domain is required to create accounts and set some account properties.
- The Reset Password permission on the User Object is required to set account passwords.
- The Write All Properties permission on the User Object is required to set remaining account properties.
- The Write All Properties permission on a Security Group is required to add an account to a group.
NOTE: If the Authentication Provider Administrator Account permissions are not set as described above, Password Reset users will not be able to create and configure all account properties allowed in the web part.
Sometimes we see customers attempt to enter the fully qualified domain name (FQDN) for the Domain field; this should be the NetBIOS (pre-Windows 2000) name of the domain. For example, the Domain field should be the “domain” portion of the account’s logon – “bambooadmin” should enter “bamboo” in the Domain field, not “bamboo.local”.
The SharePoint Administrator Account configured in the Authentication Providers settings is used to add users to SharePoint groups and to modify the SharePoint User Information List (Windows SharePoint Services 3.0 and SharePoint Foundation 2010 only). The SharePoint Administrator Account should be a site collection administrator.
Setting up an Anonymous Access SharePoint Site
By default, anonymous access is not enabled in SharePoint 2010 nor SharePoint 2013. SharePoint administrators may want to enable anonymous users to have access to content without having to provide authentication credentials. Anonymous access is permitted or denied based on the permissions for the site. Additional configuration is needed for anonymous users to access content or web parts within a site.
For information about the SharePoint permissions given to the anonymous account, this article from Microsoft provides a good summary: Decide whether to allow access for anonymous users.
|To configure anonymous access on one particular site in a Site Collection, you first access Central Administration > Application Management > Manage web applications
IMPORTANT: You must have access to the SharePoint Server and IIS Manager in order to complete this task.
|Select the Web Application containing the site you want to configure for anonymous access.
|Configure the Authentication Providers; in this example, the only choice is Default.
|This opens the settings to Edit Authentication, where you can check the box to Enable anonymous access for that Web App zone.
|Once this has been done, when you go back to the Web App Ribbon and select Anonymous Policy, you will be able to select the zone (or All Zones in this case, since Default was the only zone), and then choose any restrictions to anonymous access.
By default, “None – No policy” is set, so you need do nothing here since you do not want to place any restrictions on anonymous access.
|Up to this point, you have preconfigured where you want to allow anonymous access to be set. But now you need to set the final settings at a Site Collection or Site level or anonymous users will not have any access.
|Navigate to the location where you want to allow anonymous access and go to Site Actions > Site Permissions
|Notice now in the Ribbon, there is an option for Anonymous Access.
|To grant anonymous access only to a sub-site in a Site Collection, then nothing should be done with Anonymous Access at the Site Collection top-level. Instead, navigate to the sub-site and from there select Site Actions > Site Permissions.
This will show that this sub-site is inheriting permissions from its parent; to allow anonymous access to this sub-site, you need to break inheritance from the parent site — click the Ribbon option Stop Inheriting Permissions.
|The Anonymous Access button is now available on the sub-site Ribbon and when you open the option, you have some choices available.
The default setting is “Nothing” but you can change it to allow anonymous access to the entire site or to Lists and Libraries only.
|You will also note that the Anonymous Users has been added to the site permissions showing the permission level you selected.
This site can now be accessed without the need to login.
Resetting Your Password
Password Reset provides two types of authentication for password reset requests: email confirmation and security question & answer. Depending on how your admin has configured the web part, when you reach a page that contains Password Reset you will see one of two different views.