Posted on 02-20-2009 12:48 AM
Does anyone know if there is a way to force Entourage to not save a password?
Thanks.
-Henry
Posted on 02-24-2009 12:30 AM
Hi Henry,
Interesting question.
Entourage stores its passwords in the OS X Keychain. If you tell Entourage to save a password and then open your Keychain (go to Applications/Utilities and open Keychain Access), you will see a category on the left panel called “Passwords”. Under this is Applications where the passwords for applications are stored.
Your password for any Entourage accounts ( I have several) will be listed by server type, strangely not by the name Entourage. I have a couple in there listed as Exchange. In there are the individual account settings for password. It is possible to deny access to this keychain item from this menu but I am not sure if you could stop this from creating a new keychain item for a user. Perhaps this permission could be pre-populated on a per user basis if you know the server they were talking to. I do not see anything online about this being scriptable. Would be useful if it was.
I am not sure but perhaps others on the list would like to chime in? I would be interested in this as well.
I do not like users storing passwords on systems. They tend to forget them if they do not type them in for months. We do thousands of password resets a year for users; mostly because they do not type it in until the next time it expires and they have to get it reset. Catch 22, can't set a new password unless you know your old one.
Bruce
Posted on 02-24-2009 01:03 PM
On 2/24/09 2:30 PM, "Bruce Stewart" <bstewart at brocku.ca> wrote: Entourage stores its passwords in the OS X Keychain. If you tell Entourage to save a password and then open your Keychain (go to Applications/Utilities and open Keychain Access), you will see a category on the left panel called 'Passwords'. Under this is Applications where the passwords for applications are stored.
[snip]
I do not like users storing passwords on systems. They tend to forget them if they do not type them in for months. We do thousands of password resets a year for users; mostly because they do not type it in until the next time it expires and they have to get it reset. Catch 22, can't set a new password unless you know your old one.
You're correct that scripting passwords in Entourage is not possible.
If administrators want to take a sledgehammer approach then they can create
a logout policy that deletes:
~/Library/Keychains/login.keychain
I'd weigh the costs and benefits of not allowing passwords to be stored for
all users vs. Help Desk calls to reset passwords. While I hate the Mac OS X
Keychain myself, it is useful to the end users. Whose inconvenience weighs
more?
--
bill
William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492