Re: IISADMPWD solution for AD expired password ?

Hi Svyatoslav ,

thank you for your answer

1. About this, could you tell me which policy allow logging on with expired passwords please ?
2. I will try if nobody can't give me the information before :D

Someone has feedbacks about the IIS reset passwords solution ?

Thank you

1. You can set policy to allow logging on with expired passwords to change the password; otherwise indeed you need anonymous access.
2. Interesting question. I'm sure kpassword is not used, which leaves us with RPC - maybe encrypted in SMB. Capture traffic when changing password on your worksation to fing out - IIS will be same. And as secure.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Pascal" <pascal_t@xxxxxxxxxxxxxxxxxx> wrote in message news:mn.3bde7d7c47bb89f8.70874@xxxxxxxxxxxxxxxxxxxxx
Hi,

we would like to be able to let users modifying their password through IIS (for example).

Indeed, those users are connecting to a IIS server (in US) from another country (Italy) but with credentials stored on a local DC (DC in US so).

Every user has an account on the DC in US but the security policy states that the password has a maximum lifetime of 90 days.

The idea is to let them reseting their password through IIS (and IISADMPWD so).

I have two questions :

1. What's happened if they didn't change their passwords before it expired ? (Do I need to let the IISADMPWD with anonymous access so ?)
2. What protocol is used when the password is modified from the IIS to the DC ? (of course I will use HTTPS from the client to the IIS).

Thank you

-- Pascal



--
Pascal


.

Relevant Pages

  • Re: Workstations are going offline! Help!
    ... Right about IIS, and right that the 0 indicates passwords never expire. ... Event logs are the first place to go for troubleshooting services for ... Settings -> Security Settings and click Password Policy. ... No errors on startup, no offline icons, synchronizing is ...
    (microsoft.public.windows.server.sbs)
  • Cannot use usernameForCertificateSecurity with IIS application pool custom account
    ... I am using web service secured by the WSE 3.0 usernameForCertificateSecurity ... The service is running on Windows 2003, IIS 6.0. ... The security context token cannot be retrieved ... If I change the usernameForCertificateSecurity policy to ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: security header is not present in the incoming message
    ... appears when I run my client directly under IIS instead of under ASP.NET ... In IIS ‘mode’ I get this policy error: ... My client is simple ASP.NET Web Site ... >> Imports System.Web.Services ...
    (microsoft.public.dotnet.security)
  • Re: How to limit number of failed FTP logins?
    ... There is no such Group Policy setting. ... also want to post in the IIS security newsgroup to see if someone there has ... >> set an account lookout policy for user accounts in Local Security Policy ...
    (microsoft.public.win2000.security)
  • Re: FYI...ActiveX Error Resolved
    ... > I'll never know if IIS and the cryptographic functionality was screwed up ... > verified that the problem was a Group Policy problem. ... > to the SBS Client Computers GPO, removed the link to SBS Server Auding ... > Also in the Local Security policy on the server, ...
    (microsoft.public.windows.server.sbs)