How to manage my Windows user password through IIS web portal
Many IIS users remember that we ship a small web application named IISADMPWD with older versions of IIS (for instance, IIS 5, and IIS 6). This application is actually a useful utility for domain users to change passwords. You may wonder why this application is useful when I can easily change my password via a simple Ctrl+Alt+Delete. So let's see an example,
IISADMPWD in Use
I am currently out of office and have to check a critical mail via OWA. However, I failed because I forgot to update my old password and now it expired. (Well, VPN may help a lot, but I just could not access that either.)
Well, my IT department kindly set up IISADMPWD in this case, so that I can enter such a page to change my password. Now OWA works and I can read the important mail. Cheers!
IISADMPWD Setup (for IIS 5/6)
You can learn about how to set up such a web application on IIS 5 and 6 by referring to the following KB articles,
https://support.microsoft.com/kb/269082
https://support.microsoft.com/kb/833734
Tony DeCock has a great article here to discuss various of problems you might come across here,
https://support.microsoft.com/kb/907271
IISADMPWD on IIS 7
The IISADMPWD function is not included in IIS 7 any more.
And thus the IISADMPWD directory is no longer there under a clean install of Windows Server 2008 . So except using VPN , is there a way to change my password in emergency? A small experiment reveals that we may use IISADMPWD if we have a copy of it from a Windows Server 2003 box and treat it as a ASP/COM application. The Workaround steps are attached for your reference.
1. Copy the folder from Server 2003 box to Server 2008 box. In my case, I still use the path C:\Windows\system32\inetsrv\Iisadmpwd on Server 2008.
2. Register the IISpwchg.dll file in the Iisadmpwd directory:
1. Open an elevated command prompt.
2. In the Open box, type the following, and then press ENTER:
regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll
3. Configure the PasswordChangeFlags property in the metabase to make sure that the Password Change functionality is enabled:
1. open an elevated command prompt.
2. Locate the C:\Inetpub\Adminscripts directory (make sure that you have IIS 6 Scripting Tools feature turned on).
3. Type the following command, and then press ENTER:
cscript.exe adsutil.vbs set w3svc/passwordchangeflags Value
Note In this sample command, Value is a placeholder for the value that you want to set for the PasswordChangeFlags property.
4. The following list includes the possible values for the PasswordChangeFlags property. You can use a combination of these values.
· 0: This is the default value. This value indicates that you must use a Secure Sockets Layer (SSL) connection when you change the password.
· 1: This value permits password changes on non-secure ports. This value is useful if SSL is not enabled.
· 2: This value disables the Password Change functionality.
· 4: This value disables the advance notification of password expiration.
5. To create an application for the Iisadmpwd directory.
· Now open IIS Manager, and in the left panel right click on Default Web Site node.
· Choose Add Application. In this dialog, type an alias (I use IISADMPWD) and the path (C:\Windows\system32\inetsrv\Iisadmpwd). Then click Select... button to choose a suitable application pool. (Remember that you can refer to Tony's article for details.) Click OK twice and we are done.
Now you can access the password change page by navigating to https://<server>/iisadmpwd/aexp4b.asp (or https, which depends on your choice in step 4).
Sidenote
If you only owns a copy of x86 Server 2003 while the Server 2008 box you are using is x64, then the above steps need a few changes. First, you must copy the folder to %windir%\SysWOW64\inetsrv folder. This path will be used in following steps. At last this application must be running in a 32-bit application pool.
Hope this help.
Lex Li
NOTE: The IISADMPWD function is not included in IIS 7 any more. The situation that enabling IISADMPWD on IIS 7 is provided "AS IS" with no warranties, and confers no rights.
Comments
- Anonymous
June 18, 2009
More official information about IISADMPWD support on IIS 7 is mentioned in this article,http://technet.microsoft.com/en-us/library/bb684904.aspx - Anonymous
March 04, 2010
Another update: ASP role service is not installed on Windows Server 2008 by default, but it is required by this workaround. Therefore, if you meet 404.3 errors navigating to those ASP pages, please go to Server Manager and install the ASP role service. - Anonymous
June 03, 2013
I believe the script to change the password flags needs to have THIS syntax:w3svc/PasswordChangeFlags - Anonymous
August 04, 2013
I loke the aexp4b.asp site as it automatically inputs the domain. If I set passwordchangeflags to 0, as soon as I click OK after entering the password info, the site warns me that it will send the info unencrypted. Then, after clicking OK, I get a 403 Access Denied page.If I use the aexp2.asp page, I have to enter the domain manually, but the entire process stays over SSL and I get no error. Any way to get this to work with aexp4b.asp? - Anonymous
August 04, 2013
Well, never mind. I used aexp2b.asp and it works great. - Anonymous
October 14, 2013
Do you have any ideas for the issue "object required" after we're submit the password change request? Thanks - Anonymous
July 12, 2016
the module C:\Windows\System32\inetsrv\iisadmpwd\iispwchg.dll may not compatible with the version of windows that you re running - Anonymous
September 16, 2016
I have big difficulty to make the password change over the web. I have the error -2147023631 for some week. All the setup was working before. I thnik it could be active directory that don't let me change the password over the web. We have some security requierement for the password (8 caractères, some number, ...) what's is the requierement on the ad side that I could check? or is there somebody know what mean the error code -2147023631, I didn't find anything on google.Thanks