by February 4, 2007 0 comments

There are many cases, though far from ideal usage, where a legitimate user is
not logged on to a Windows domain on your network, and still may need to change
his password. When he is logged on to the domain, he can simply press
Ctrl+ALT+DEL, select ‘Change Password’ button and do it. But if he is logged
on to his local system or another domain, changing the password becomes
difficult. One way around is to call up the administrator and get him to change
it. But this means that the new password is not a secret. The best way then is
to use IIS. Note that to continue with the steps described below, you need to be
on a Windows Server 2003 driven domain with IIS 6.0 installed.

Step 1: Enable scripts
In some cases, the scripts to use the functionality (changing passwords) may
have been installed to the server’s hard disk, but not linked to IIS. To check
whether the scripts have been installed, open the IIS management console, the
Websites folder and then the Default website node there. If a virtual directory
site by name ‘IISAdmPwd’ exists, skip to step 3 below. Right click and
create a new Virtual Directory.
Provide the path as ‘%systemroot%\System32\ Inetsrv\Iisadmpwd’ with ‘Read’
and ‘Run scripts’ permissions. Now, we need to allow this script to change

Direct Hit!
Applies To:
Windows 2003 administrators
Price: N A
USP: Allow users to change passwords without logging on to a
domain, using just a Web browser
Primary Link:

Google Keywords: iis6 password change

Open a Command Prompt window and change directory to your INETPUB folder and
the AdminScripts sub-folder. Run the following command.

adsutil.vbs set w3svc/1/PasswordChangeFlags 1

You can alternatively set it to ‘0’ (instead of the ‘1’ at the end of
the command above) to allow the operation only if it comes in on HTTPS (we’re
enabling it for regular HTTP).

Step 2: Configure access
Now, we need to limit access to this path to only legitimate users of the
domain. This is simple. Go again to the IIS management console; navigate to the
virtual directory site you added in step 1 and select Properties from its
context menu. Go to the Directory Security tab and click on the Edit button
under ‘Authentication’ and check the option for ‘Integrated Windows
Authentication’. Now, when a user hits the URL to change his password, he will
see a login box to authenticate himself before proceeding.

Once enabled, users can
use a Web browser to navigate to the password change script and change
passwords for their domain accounts

Step 3: Change password
To change password, user should visit http://mydomainserver/iisadmpwd/aexp2b.asp.
Now, the user can be logged on locally to his computer and still change his
password. Also, if he is mobile and this URL is accessible from the Net, then
also he can change his password.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.