PKI Blog

Two-factor Authentication via SMS Messaging for FIM 2010 R2 SSPR

Posted by CSS Technical Team on Sep 17, 2014 11:11:00 AM

Recently I worked on a customized self-service password reset (SSPR) solution leveraging FIM 2010 R2. The SSPR functionality provided out of the box by FIM 2010 R2 is quite comprehensive. In the design sessions with the customer, they decided that they wanted to use a higher level of security for users on the Internet to be able to reset their passwords. This certainly makes sense—exposing an interface where corporate users can reset their passwords is a boon to the service desk, but introduces a significant threat surface and associated security risk.

Read More

Topics: Infrastructure Management, Industry Trends, SMS, strong authentication, Identity Management, SSPR, OTP, Blog, Self-Service Password Reset, one-time password, FIM 2010 R2, two factor authentication

FIM: When products don’t play nice together...

Posted by CSS Technical Team on Jan 24, 2013 10:17:31 AM

As a consultant, one of the primary responsibilities is to deal with strange problems or issues that arise. And inevitably some obscure issue will come to the surface during a demo… Since I specialize in Microsoft’s Forefront Identity Manager combined with a previous life as a Windows Server Engineer, I run a fairly comprehensive virtual development and demo lab with about every mainstream Microsoft Server product deployed across an average of 80 virtual servers. Given the right set of circumstances you’ll find products that just don’t play nice together.

After my failed SSPR password reset demo, I went through the standard troubleshooting check list including configuration verification. The first thing I found awry was permissions missing for the FIM Service account on WMI's Root/CIMV2 namespace. Since this was a functioning SSPR environment, I know they had been set previously. In addition, the Root/MicrosoftIdentityIntegrationServer namespace was missing from the tree too. My schedule allowed enough time to repair the issue but not fully perform a Root Cause Analysis to the situation.

Read More

Topics: WMI, PWUnrecoverableError, IT Security, Microsoft Security Partner, Infrastructure Management, FIM, Microsoft SCCM, Identity Management, SSPR, System Center Configuration Manager, Information Technologoy, SCCM, Blog

What Cannot Be Done With FIM 2010 R2 Password Reset Extensions

Posted by Laurin Kline on Sep 5, 2012 5:16:46 AM

“Can we install the FIM 2010 R2 Add-ins and Extensions on our desktops before we upgrade the rest of the FIM environment?”

While this may be an obvious, self-answering question, I had a client ask me about it recently, and while I was pretty certain of the answer, “No,” I had some time and a virtual environment so I went ahead and tested it.
The first clue that things were going horribly wrong was when I got to this panel in the install process (an example from the “Installing the FIM 2010 R2 Add-ins and Extensions” found here http://technet.microsoft.com/en-us/library/hh322877(v=ws.10).aspx):

Read More

Topics: SSPR Client, Forefront Identity Manager, FIM 2010, IT Security, Microsoft Security Partner, FIM Client Add-ins and Extensions, FIM SSPR Client, FIM 2010 Password Reset Extensions, FIM 2010 R2 Password Reset Extensions, SSPR, FIM R2 Client Add-ins and Extensions, Blog, Self-Service Password Reset, FIM R2 SSPR Client, FIM 2010 R2

Posts by Topic

see all

Want to Learn more about CSS?