THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server versions 5.2.5 and later
QUESTION
Can I turn on/off the Change Password feature for AD users in the Web Transfer Client?
ANSWER
Active Directory (AD) and LDAP Site users can change their AD passwordthrough the Web Transfer Client (WTC). If changing the password is disabledby EFT, the Change Password buttonis not available.
When a user attempts to change the account password, the following errorsare possible. You can customize the error messages by creating text fileswith the following names and saving them in the EFT installation directory\web\public\EFTClient subdirectory(e.g., C:\Program Files\Globalscape\EFTServer Enterprise\web\public\EFTClient):
Current password is entered incorrectly (PasswordChg_PasswordWrong.txt)
Network connection error (PasswordChg_NetworkProblem.txt)
User does not have permission by AD to change the password (PasswordChg_Permission.txt)
New password does not meet the AD complexity requirements (PasswordChg_PasswordComplexity.txt)
Current password is about to expire (PasswordChg_PwdWillExpire.txt)
If the text files identified above do not exist when an error occurs,the default text provided within EFT is presented to the user.
The location of these files can be modified by running the PasswordChg_MsgFileLocation.regscript, which is located in the EFT installation directory Clientsubdirectory. You must first edit the PasswordChg_MsgFileLocation.regscript to specify the new location.
The WTC change password capability can be turned on/off through the PasswordChg_NTADLDAP registry key. By default, the password change ability is "off."
- If you have enabled the "User must change password at next logon" feature in AD, you must enable (set to "on") the registry setting below.
- If you have enabled the "User cannot change password" feature in AD, users will not be able to change their passwords.
In version 6.2 and later, two registry scripts are provided to enable/disable the password change feature. These registry scripts are located in the EFT Server installation directory \web\public\EFTClientsubdirectory.
- PasswordChg_NTADLDAP_On.reg
- PasswordChg_NTADLDAP_Off.reg
For the changes to take effect, after running the scripts you must restart the service. You may need to edit the scripts, depending on whether you have a 32-bit or 64-bit operating system.
32-bit:
[HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient]
"PasswordChg_NTADLDAP"="on"
64-bit:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GlobalSCAPE Inc.\EFTServer 4.0\EFTClient]
"PasswordChg_NTADLDAP"="on"
NOTE: This is a string, not a Dword. Use "on" (1 or true) or "off" (0 or false) only.