How to manage my Windows user password through IIS web portal

Many IIS users remember that we ship a small web application named IISADMPWD with older versions of IIS (for instance, IIS 5, and IIS 6). This application is actually a useful utility for domain users to change passwords. You may wonder why this application is useful when I can easily change my password via a simple Ctrl+Alt+Delete. So let's see an example,

IISADMPWD in Use

I am currently out of office and have to check a critical mail via OWA. However, I failed because I forgot to update my old password and now it expired. (Well, VPN may help a lot, but I just could not access that either.)

Well, my IT department kindly set up IISADMPWD in this case, so that I can enter such a page to change my password. Now OWA works and I can read the important mail. Cheers!

IISADMPWD Setup (for IIS 5/6)

You can learn about how to set up such a web application on IIS 5 and 6 by referring to the following KB articles,

https://support.microsoft.com/kb/269082

https://support.microsoft.com/kb/833734

Tony DeCock has a great article here to discuss various of problems you might come across here,

https://support.microsoft.com/kb/907271

IISADMPWD on IIS 7

The IISADMPWD function is not included in IIS 7 any more.

And thus the IISADMPWD directory is no longer there under a clean install of Windows Server 2008 . So except using VPN , is there a way to change my password in emergency? A small experiment reveals that we may use IISADMPWD if we have a copy of it from a Windows Server 2003 box and treat it as a ASP/COM application. The Workaround steps are attached for your reference. 

1. Copy the folder from Server 2003 box to Server 2008 box. In my case, I still use the path C:\Windows\system32\inetsrv\Iisadmpwd on Server 2008. 

2. Register the IISpwchg.dll file in the Iisadmpwd directory:

1. Open an elevated command prompt.

2. In the Open box, type the following, and then press ENTER:

regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll

3. Configure the PasswordChangeFlags property in the metabase to make sure that the Password Change functionality is enabled:

1. open an elevated command prompt.

2. Locate the C:\Inetpub\Adminscripts directory (make sure that you have IIS 6 Scripting Tools feature turned on).

3. Type the following command, and then press ENTER:

cscript.exe adsutil.vbs set w3svc/passwordchangeflags Value

Note In this sample command, Value is a placeholder for the value that you want to set for the PasswordChangeFlags property.

4. The following list includes the possible values for the PasswordChangeFlags property. You can use a combination of these values.

· 0: This is the default value. This value indicates that you must use a Secure Sockets Layer (SSL) connection when you change the password.

· 1: This value permits password changes on non-secure ports. This value is useful if SSL is not enabled.

· 2: This value disables the Password Change functionality.

· 4: This value disables the advance notification of password expiration.

5.  To create an application for the Iisadmpwd directory.

· Now open IIS Manager, and in the left panel right click on Default Web Site node.

· Choose Add Application. In this dialog, type an alias (I use IISADMPWD) and the path (C:\Windows\system32\inetsrv\Iisadmpwd). Then click Select... button to choose a suitable application pool. (Remember that you can refer to Tony's article  for details.) Click OK twice and we are done.

 

Now you can access the password change page by navigating to https://<server>/iisadmpwd/aexp4b.asp (or https, which depends on your choice in step 4).

Sidenote

If you only owns a copy of x86 Server 2003 while the Server 2008 box you are using is x64, then the above steps need a few changes. First, you must copy the folder to %windir%\SysWOW64\inetsrv folder. This path will be used in following steps. At last this application must be running in a 32-bit application pool. 

 

Hope this help.

 

Lex Li

 

NOTE: The IISADMPWD function is not included in IIS 7 any more. The situation that enabling IISADMPWD on IIS 7 is provided "AS IS" with no warranties, and confers no rights.