Re: IISADMPWD solution for AD expired password ?



Nobody ? :)

Third question, then! :D

3. Another solution could be to change the password through an LDAP v3 request, no? (from the Web server to a specific DC)
If you confirm that it is possible, do you have sample code for this kind of solution, please?

Thank you


Hi Svyatoslav ,

thank you for your answer

1. About this, could you tell me which policy allows logging on with expired passwords, please?
2. I will try if nobody can give me the information before then :D

Does anyone have feedback about the IIS reset passwords solution?

Thank you

1. You can set policy to allow logging on with expired passwords to change the password; otherwise indeed you need anonymous access.
2. Interesting question. I'm sure kpassword is not used, which leaves us with RPC - maybe encrypted in SMB. Capture traffic when changing the password on your workstation to find out - IIS will be the same. And as secure.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Pascal" <pascal_t@xxxxxxxxxxxxxxxxxx> wrote in message news:mn.3bde7d7c47bb89f8.70874@xxxxxxxxxxxxxxxxxxxxx
Hi,

we would like to be able to let users modify their password through IIS (for example).

Indeed, those users are connecting to an IIS server (in the US) from another country (Italy) but with credentials stored on a local DC (so a DC in the US).

Every user has an account on the DC in the US, but the security policy states that the password has a maximum lifetime of 90 days.

The idea is to let them reset their password through IIS (and so IISADMPWD).

I have two questions :

1. What happens if they don't change their passwords before they expire? (Do I then need to leave IISADMPWD with anonymous access?)
2. What protocol is used when the password is modified from the IIS to the DC? (Of course I will use HTTPS from the client to the IIS.)

Thank you

-- Pascal



--
Pascal

