

Windows Server 2012 RDS: Enabling the RD WebAccess Expired password reset option

This Wiki article explains how the password reset option in RD WebAccess on Windows Server 2012 can be enabled.

Windows Server 2012 includes an option that lets users change an expired password from within the RD WebAccess interface.

The password change option is made available in the new .aspx page in RD WebAccess called password.aspx. This file exists in C:\Windows\Web\RDWeb\Pages\en-US.

Although the file is present after the RD WebAccess role is installed, a configuration change is needed before the page is operational.

To achieve this:

  • Open IIS Manager on the server(s) running your RD WebAccess.
  • Browse to Sites;Default Web Site;RDWeb;Pages.
  • Select Application Settings.

http://2.bp.blogspot.com/-5KeHCmlOvu0/T6zKPr0xurI/AAAAAAAAAw8/JKlAfmQ8F98/s320/1.png

Here you have the property PasswordChangeEnabled available. Change it to true.

When a user now opens the RD WebAccess page and tries to log on with an expired password, a link appears that the user can use to reset the password.

http://1.bp.blogspot.com/--3F_a_UckWQ/T4ctcGTF6UI/AAAAAAAAApU/W1gvwK650zk/s320/2.png

You can also add a permanent link to the login page so that users can change their password when it has not expired. To do this, add an href to login.aspx that points to the password.aspx page. The result could look like the screenshot below.

http://4.bp.blogspot.com/-mTDTJ3Kfotg/T4ctVRuS0VI/AAAAAAAAApM/3MGJMEFqFzU/s320/1.png

When users open the password.aspx file this is what will be presented:

http://2.bp.blogspot.com/-PVutzPn8mrI/T12iVj4n-zI/AAAAAAAAAj4/8GOt7YFJTMw/s1600/changePWD.jpg

The same can be done for RD WebAccess on Windows Server 2008 R2 after applying the following hotfix: http://support.microsoft.com/kb/2648402 . Although it is not explicitly described in the KB article, this update adds a Password.aspx script containing the password-changing logic.

To enable this, follow the instructions above to modify the configuration of the Sites;Default Web Site;RDWeb;Pages directory in the IIS console. Alternatively, you can directly edit the Web.config file under the C:\Windows\Web\RDWeb\Pages folder on the RDWeb server. Note that if the PasswordChangeEnabled entry is missing, you should add it manually in the IIS console or Web.config and set it to TRUE. To do this:

  1. Open the following file: %systemDrive%/windows/web/rdweb/pages/web.config

  2. Set the following value to TRUE:

    <!-- PasswordChangeEnabled: Provides password change page for users. Value must be "true" or "false" -->

    <add key="PasswordChangeEnabled" value="false" />

  3. Execute "iisreset" from an elevated command prompt.
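
The three steps above can also be scripted. The following PowerShell is an added example, not part of the original article or of any Microsoft tooling; it assumes the web.config path given in step 1 and an elevated session, and the variable names and backup naming are illustrative.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell session.
$configPath = "$env:SystemDrive\Windows\Web\RDWeb\Pages\web.config"   # path from step 1

# Keep a timestamped copy so the change can be rolled back.
$backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMddHHmmss')
Copy-Item -LiteralPath $configPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true          # keep the file's comments and layout intact
$xml.Load($configPath)

# local-name() makes the lookup work whether or not <configuration> declares an xmlns.
$appSettings = $xml.SelectSingleNode("/*[local-name()='configuration']/*[local-name()='appSettings']")
if ($null -eq $appSettings) { throw "No <appSettings> section found in $configPath" }

$entry = $appSettings.SelectSingleNode("*[local-name()='add'][@key='PasswordChangeEnabled']")
if ($null -eq $entry) {
    # The entry can be missing (see the note above); create it in the parent's namespace.
    $entry = $xml.CreateElement('add', $appSettings.NamespaceURI)
    $entry.SetAttribute('key', 'PasswordChangeEnabled')
    [void]$appSettings.AppendChild($entry)
}
$entry.SetAttribute('value', 'true')
$xml.Save($configPath)

# Reload from disk to confirm what IIS will read, then restart IIS as in step 3.
$check = New-Object System.Xml.XmlDocument
$check.Load($configPath)
$saved = $check.SelectSingleNode("//*[local-name()='add'][@key='PasswordChangeEnabled']")
Write-Output ('PasswordChangeEnabled = {0} (backup: {1})' -f $saved.GetAttribute('value'), $backup)

iisreset
```

To roll back, copy the .bak file over web.config and run iisreset again.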

Note:

If the remote server is running in Azure, you need to create an endpoint for public port 443 in the Azure management portal so that users can access the RD Web Access portal. See http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/ for more information on creating endpoints. If the remote server is a Windows Server 2008 R2 server, you need to install the following hotfix: 2648402 before making the web.config change.
