Instant Messaging

Set the Password Policy

Most companies will want to use Integrated Windows authentication for Instant Messaging. Integrated Windows authentication results in a seamless, automatic logon process for end-users (if logged into a Windows 2000 account, end-users do not need to furnish additional username and password credentials to use Exchange Instant Messaging). If you want to use Integrated Windows authentication, the Instant Messaging default authentication method, no further action is required.

If you need to authenticate through proxies, or if you are running Instant Messaging clients on other operating systems (such as UNIX), you may want to use Digest authentication instead. (Digest is based on the HTTP standard.) When using HTTP Digest to authenticate Instant Messaging users, the Instant Messaging security mechanism must be able to retrieve unencrypted user passwords from Active Directory. For this purpose, you must change the domain controller's password policy to store the passwords in a reversible, encrypted format.
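Why Digest needs a recoverable password, as an added example (not Exchange or Microsoft code): it follows the RFC 2617 HTTP Digest calculation with qop=auth and uses that RFC's published sample values, and the function names are illustrative. The server can recompute the client's response only from the cleartext password; a one-way hash of it (SHA-256 is used here as a stand-in for any non-reversible stored form) never matches.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(password, f, method):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = md5_hex(f"{f['username']}:{f['realm']}:{password}")  # needs the password itself
    ha2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")


def server_verify(stored_secret, f, method):
    """Server side: recompute the response from what the directory holds."""
    expected = digest_response(stored_secret, f, method)
    return hmac.compare_digest(expected, f["response"])


def one_way_form(password):
    """Stand-in (assumption) for a password kept only as a one-way hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Fields of the Authorization header from the RFC 2617 section 3.5 example
# (sample values from the RFC, not from an Exchange deployment).
RFC2617_SAMPLE = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "uri": "/dir/index.html",
    "qop": "auth",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    cleartext = "Circle Of Life"  # the RFC's sample password
    # Directory can return the cleartext (reversible storage): check succeeds.
    print("cleartext available:", server_verify(cleartext, RFC2617_SAMPLE, "GET"))
    # Directory holds only a one-way hash: the response cannot be reproduced.
    print("one-way hash only:  ",
          server_verify(one_way_form(cleartext), RFC2617_SAMPLE, "GET"))
```
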

Note   Instant Messaging uses the same passwords as Windows 2000 Server. You reset user passwords from the Active Directory Users and Computers snap-in. For specific instructions, refer to the Windows 2000 online documentation.

To set the password policy:

  1. Start Active Directory Users and Computers.
    On the Start menu, point to Programs, point to Microsoft Exchange, and then click Active Directory Users and Computers.
  2. Right-click the Windows 2000 domain node in the console tree, and then click Properties.
  3. On the Group Policy tab, select Default Domain Policy, and then click Edit.
  4. Navigate to Password Policy.

    Default Domain Policy [server_name]
      Computer Configuration
        Windows Settings
          Security Settings
            Account Policies
              Password Policy
  5. Double-click Store password using reversible encryption for all users in the domain.
  6. Under Define this policy setting, click Enabled, and then click OK.
  7. Close the snap-in.
  8. Allow several minutes for the change to take effect.

Tip   To propagate this change immediately throughout the domain, type the following command from a command prompt:

secedit /refreshpolicy MACHINE_POLICY

Related Topics

HTTP Digest Authentication