Password requested after adding Metro email account

Discussion in 'Microsoft Surface Pro' started by Doug, May 12, 2013.

  1. Doug

    Doug New Member

    Joined:
    May 12, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Northern California
    I have Surface Pro and have been pleasantly surprised.

    However I set things up so I didn't have to ogin each time the computer "slept". Screen saver was working. All was good. I have a domain account.

    Then I added an account (my domain email) to the Metro email application.

    Now after the 15 minutes of no activity goes by the screen save pops in. That is OK, except now I am required to enter my password each time to get at the system.

    I want to use the Metro email, but I don't want to enter the password every time.

    Doug
     
  2. machistmo

    machistmo Active Member

    Joined:
    Nov 17, 2012
    Messages:
    790
    Likes Received:
    53
    Trophy Points:
    28
    Location:
    Raleigh NC
    My Device:
    Other
    Metro pulled in the security settings that are attached to your Domain. Whatever your Domain requires, your Surface now requires.
     
  3. DOS

    DOS Active Member

    Joined:
    Apr 8, 2013
    Messages:
    145
    Likes Received:
    36
    Trophy Points:
    28
    Location:
    USA
    ^^ 2nd, this should happen to all computers under that domain. If it's a work environment, there probably isn't anything you can do about it... well, unless you're the Network Admin. ;)
     
  4. Doug

    Doug New Member

    Joined:
    May 12, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Northern California
    Hi,
    Thanks for the quick response. The password policy that I understand at the domain level is all being recognized.

    If I don't use the Metro Email, everything works properly. If the computer is not active for the 15 minutes, it sleeps. When I try to access the system, the desktop comes back and it does not require a login password. This all works as expected.

    It is only when I add the email account the Metro Email application does a problem occur. I leave the computer idle and after the set time it gos into sleep mode as expected. Now however when I enter a key to wake up the Surface, the domain password is required.

    So this seems to be directly related to the Metro Email.

    This in my mind should not be a domain passwprd policy issue. The domain password policy is related to the password lenghth, complexity, reuse, etc. Not related to computer idle time.

    Doug
     
  5. machistmo

    machistmo Active Member

    Joined:
    Nov 17, 2012
    Messages:
    790
    Likes Received:
    53
    Trophy Points:
    28
    Location:
    Raleigh NC
    My Device:
    Other
    I say again the domain security policy was pushed to your System. It is working as intended.
     
  6. machistmo

    machistmo Active Member

    Joined:
    Nov 17, 2012
    Messages:
    790
    Likes Received:
    53
    Trophy Points:
    28
    Location:
    Raleigh NC
    My Device:
    Other
    The domain security policies are more extensive than just the password complexity. If your company falls under SOX or just follows standard Windows domain security, the behavior you describe is absolutely, 100% working as intended.

    If you stopped and read the pop up box when you added the account you would see it telling you that you must allow the domain security policy to be applied to your system if you want to access the account.

    Again, working as intended.
     
  7. Doug

    Doug New Member

    Joined:
    May 12, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Northern California
    Ok I hear the "as intended".

    I guess I am just dense.

    It is OK to have my computer set to be wide open using Windows 8. I can login and have it set so I can walk away and the login screen will not be required.

    But if I turn on the Metro Email application, that code will force a login password to be required.

    I just want to make sure I understand the security.

    Thanks,

    doug
     
  8. machistmo

    machistmo Active Member

    Joined:
    Nov 17, 2012
    Messages:
    790
    Likes Received:
    53
    Trophy Points:
    28
    Location:
    Raleigh NC
    My Device:
    Other
    Again its a set of policies around security that the device must allow to be changed. The password on wake is standard stuff. The sleep is the part that insures the device is locked if left unattended for 15 minutes. Standard stuff. That's right, when the email is up and the machine is left alone, it will follow the domain security policies to protect that account according to the domain polices that account is governed through. Again, working as intended. Its pretty standard stuff.

    and I wish I was in Northern California. God I miss San Ramon!
     
  9. malberttoo

    malberttoo Super Moderator Staff Member

    Joined:
    Feb 26, 2013
    Messages:
    2,255
    Likes Received:
    428
    Trophy Points:
    83
    Location:
    Alaska
    My Device:
    SPro3
    Doug,

    As a domain admin, I can make it so that if you try to connect your Surface's Mail program to my company, and get your company mail that way, that the domain also forces a set of rules onto your device as well. So BESIDES the password complexity issue (must be a certain length, have certain characters, etc), I can also see to it that if you connect to my email system, I can push certain rules onto your machine that affect it's behavior, such as: when the user is connected to our email system, then force a 10-minutes screen saver time-out, and force them to enter their password every time the screen saver times out. So, if you successfully connect to the email system, then your machine also (in the background) adopts these rules. That's what Machistmo is trying to explain to you.

    Your IT people may have had good reasons for adopting these policies, or they may have just been playing around and forgot to undo their changes. You can at least ask, and see if they will relax their rules on this issue.

    Otherwise, if you choose to use Mail to connect to your employer's system, you must do so with the knowledge that your Surface may take on some different security characteristics while doing so.

    This explanation is a bit simplistic, but I hope it helps.
     
  10. Doug

    Doug New Member

    Joined:
    May 12, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Northern California
    Thanks fr the details.

    They always help.

    Doug
     
  11. mervincm

    mervincm New Member

    Joined:
    Mar 18, 2013
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    0
    We have the same approach. As an enterprise, we see your email an as assert we own and are responsible for. As such, we have to make sure that if that email is on a device that is likely to be lost or stolen, it must have meet OUR minimum security standards. One of those standards is that a password is required on boot and on wake from sleep, and that after a minimum idle time of about 15 minutes, an auto lock is engaged. We configure our exchange servers to enforce this. When you connect your device using activesync, there is a little handshake that occurs where the server tells the client that these restrictions must be in place, or you don't get any data. The MS email client, being a good citizen, warns you about the requirement, and if you agree puts those security enhancements in place.

    If you don't want those restrictions, you should instead use another connection method (say pop), if supported. Be warned that your email host likely turns the others off to avoid this behaviour.
     
  12. bkuhn

    bkuhn New Member

    Joined:
    Dec 12, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    We have the exact same problem. Our domain (SBS2003) has no group policies set re: screensavers at all.:mad:
     

Share This Page

Search tags for this page

surface metro mail locking out password domain account

,

surface pro exchange credentials requested

,

surface pro screen saver password surfaceforums