SSPR Windows 10密码重置 [英] SSPR Windows 10 Password Reset
问题描述
我一直在寻找这个问题的答案,但是没有成功.如果客户的笔记本电脑已加入域并且已加入Azure AD,并且用户在办公室外时需要通过Windows 10登录页面重设密码 (我已经在Windows 10计算机上设置了重置密码链接)用户是否可以使用新密码登录计算机?为客户设置此设置的正确方法是什么?
I've been trying to find the answer to this question, but have been unsuccessful. If a customer has a laptop that is Domain Joined and Azure AD Joined, and the user needs to reset their password via the Windows 10 Login page, when they are outside the office (I already have the reset password link setup on the Windows 10 Machine) will the user be able to login to the computer using the new password? What is the proper way of setting this up for the Customer?
这是场景;
< g class =" gr_ gr_1135 gr-alert gr_gramm gr_inline_cards gr_run_anim语法仅在double中替换replaceWithoutSep data-gr-id ="1135". id ="1135"> User/g.在办公室里,并且< g class ="gr_ gr_1194 gr-alert gr_gramm gr_inline_cards gr_run_anim语法仅在double中替换replaceWithoutSep data-gr-id ="1194". id ="1194">用户</g>使用域\用户名登录其Windows 10.用户不在现场并连接到互联网. 用户单击重置密码,密码成功重置.用户尝试< g class ="gr_ gr_954 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id ="954". id ="954">登录名/g. 到Windows< g class =" gr_ gr_953 gr-alert gr_gramm gr_inline_cards gr_run_anim仅标点-替换和不替换" data-gr-id ="953". id ="953">计算机,/g但收到错误消息说< g class =" gr_ gr_952 gr-alert gr_gramm gr_inline_cards gr_run_anim仅语法-ins replaceWithoutSep data-gr-id ="952". id ="952">密码</g>是不正确的. < g class ="gr_ gr_1233 gr-alert gr_gramm gr_inline_cards gr_run_anim仅语法 doubleReplace replaceWithoutSep"; data-gr-id ="1233". id ="1233">用户</g>正在登录域\用户名.
<g class="gr_ gr_1135 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" data-gr-id="1135" id="1135">User</g> is in the office, and <g class="gr_ gr_1194 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" data-gr-id="1194" id="1194">user</g> logs into their Windows 10 using domain\username. The user is offsite and connected to the internet. User clicks on reset password, and the password resets successfully. User tries to <g class="gr_ gr_954 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling multiReplace" data-gr-id="954" id="954">login</g> to the Windows <g class="gr_ gr_953 gr-alert gr_gramm gr_inline_cards gr_run_anim Punctuation only-del replaceWithoutSep" data-gr-id="953" id="953">computer,</g> but gets an error saying <g class="gr_ gr_952 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins replaceWithoutSep" data-gr-id="952" id="952">password</g> is incorrect. <g class="gr_ gr_1233 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" data-gr-id="1233" id="1233">User</g> is logging in domain\username.
客户是否应该开始为大多数时间是远程用户而不是域帐户使用其Azure AD帐户?
Should the customer start using their Azure AD account going forward for users who are most of the time remote, instead of their domain account?
什么是最佳实践,以便既在办公室本地工作又在异地工作的用户?我们应该设置它以便他们仅使用其Azure AD帐户吗?
What is the best practice so users who are both working locally in the office and also working off-site? Should we set it up so they use their Azure AD Account only?
谢谢
推荐答案
因此,建议您具有Intune的使用经验,您可以使用它来将OMA-URI设置为可以在设备的登录屏幕上重置其密码.
如果设备位于Azure AD中(如您所提到的,它已加入Hybrid),则可以创建Intune策略以将该OMA-URI推送出去,然后SSPR将负责其余的工作.
So proposing you have experience with Intune, you could use that to set up an OMA-URI to be able to reset their password from the login screen of their device.
Providing the device is in Azure AD (as you mentioned it's Hybrid joined) you could create an Intune Policy to push that OMA-URI out, and SSPR will take care of the rest.
在这里看看:
https://docs.microsoft.com/zh-CN/azure/active-directory/authentication/tutorial-sspr-windows
Have a look here:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows
这篇关于SSPR Windows 10密码重置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
