Is there a way to use the FIM 2010 R2 Rich-Client from the Internet to perform password resets? I know it requires TCP ports 5725 and 5726 to the FIM Service to work. Exposing these ports to the Internet directly would be a very bad idea from a security perspective. I am thinking of using Microsoft Web Application Proxy to require two-factor authentication using a client certificate to access them but have yet to test this. The reason I am pursuing this is that I need the cached credentials on the locked workstation to be changed when the password is reset. Using the web page for SSPR, which is Internet accessible, does not accomplish this.