Single Sign-on customers have the option of deploying the Account
Self-Service features—Self-Service Password Reset and Account Unlock—with no
other Single Sign-on features available to users.
The Account Self-Service features of Single Sign-on help reduce calls
to your computer help desk by allowing your employees to perform the following
tasks on their own:
- Change their Microsoft
Windows domain password
- Unlock their Windows
The Account Self-Service features allow you to establish a set of
security questions for identity verification. After the question-based
authentication is enabled and the Account Self-Service features are made
available to them, your users enroll, or register, with the service by
answering the series of security questions. Once registered, your users can
Account Self-Service (A), found on the
Log On to Windows dialog box, or for Microsoft
Windows Vista users, the
Welcome screen (B).
Administrators can require users to re-register by:
- Revoking a single user's
- Prompting all users to
- Changing the existing
Enrolled users can also start the re-registration process whenever
they want to change their answers to the security questions.
This document describes how to install and configure Single Sign-on to
provide users with only the Account Self-Service features.
Note: Account Self-Service does not support user principal name (UPN)
logons, such as