A "User cannot change password" setting #4437

Closed
MaiklT opened this issue Jan 26, 2021 · 7 comments

Comments

@MaiklT
Contributor

MaiklT commented Jan 26, 2021

Description of problem

There are some requests to me to add a user account that is valid for all people working in a company, to display some information to them. We talk about 700-800 people, and creating a user account for each would be too much work. The problem is: If any of these users changes the password, all the others can't access the information anymore until an administrator resets it (which can last a while).

Description of solution

A user setting "User cannot change password", as it exists in Windows.

@mitchelsellers
Contributor

Personally, from a security perspective, I am not a fan of this functionality as it negates all aspects of keeping accounts secure. I would suggest a custom implementation for this.

However, I'll let the rest of the @dnnsoftware/approvers group comment on this

@MaiklT
Contributor Author

MaiklT commented Jan 26, 2021

Mitchel, I totally agree with you about the security consequences that can happen when someone misunderstands the setting. It should be well documented that this is only for accounts mentioned in my first post, and these accounts should NEVER EVER have any editing permissions.

In Windows, this setting is normally used for service accounts.

@donker
Contributor

donker commented Jan 26, 2021

I don't think this is a scenario we should be catering for. I.e. it is too much of an edge case to make this change which can be misunderstood. And we know all too well that once implemented + a year or so later, few people will know exactly why it is there and it can lead to issues. I'd prefer edge cases like this to be done through extensions.

@MaiklT
Contributor Author

MaiklT commented Jan 27, 2021

Well - I can't contradict, @donker. I don't know how often things like this happen (I had two cases in the last 3 months), and I did not want to create a trigger in the SQL database for this scenario (as triggers can always cause issues when upgrading).
Anyway, thanks for your opinions, and feel free to close this ticket with a "won't implement" comment.

@stale

stale bot commented Jun 2, 2021

We have detected this issue has not had any activity during the last 90 days. That could mean this issue is no longer relevant and/or nobody has found the necessary time to address the issue. We are trying to keep the list of open issues limited to those issues that are relevant to the majority and to close the ones that have become 'stale' (inactive). If no further activity is detected within the next 14 days, the issue will be closed automatically.
If new comments are posted and/or a solution (pull request) is submitted for review that references this issue, the issue will not be closed. Closed issues can be reopened at any time in the future. Please remember those participating in this open source project are volunteers trying to help others and creating a better DNN Platform for all. Thank you for your continued involvement and contributions!

@stale stale bot added the stale label Jun 2, 2021
@MaiklT
Contributor Author

MaiklT commented Jun 6, 2021

Will not be implemented :-(

@MaiklT MaiklT closed this as completed Jun 6, 2021
@valadas
Contributor

valadas commented Jun 8, 2021

I am a bit late to this party, but I agree with the security concerns here. I've been advocating to clients that everyone have their own account and to use roles for such purposes. Nobody should ever share a password with another coworker IMO. It multiplies the risk of a leak by the number of people sharing that account.
