I just watched this video and have a few questions.
http://www.youtube.com/watch?v=T-p41Ze9ewA
We have a large WAN, if a person is under a lockout timeout will a password change reset this counter? I have a feeling normally user who forget their passwords, will lock it first, then
attempt to create a new password via FIM.
Can users pick their own challenge questions?
Where will the FIM 2010 password change occur? Again w/ a large WAN environment w/ many remote DCs (ie NOT read-only DCs) can the change be instantly replicated? Can the password occur at the users remote site, ie at their %logonserver%, so
they can log in faster after a password change?
Can we use some programmatically entered fields, but also allow the user to enter some more challenge questions. Ie say we know the end users last 4 of ss#, and drivers license #, etc can we use those so FIM is ready to go out of the box but optionally have the user add more questions (ie non-programmatically) at a later time?
What happen if some 'hackers' try over and over to guess the way to challenge question answers? Will FIM lock the account and disable self-service requests for that user going forward, or for some FIM lockout duration?
Can we add a CAPTCHA to the public facing portal so bots and scripts dont try to guess Anna favorite teachers name, etc and try to reset her password?