How to configure IISADMPWD in Windows 2003

Author: NetworkAdminKB.com
Created: 2009-09-25
Modified: 2009-11-10

Information:

The IISADMPWD virtual directory allows users to change their account passwords remotely through IIS by means of ASP scripts. IISADMPWD is not installed as part of a standard Windows Server 2003 IIS installation. To configure the IISADMPWD functionality, follow these steps:

1)      In the Internet Services Manager Microsoft Management Console (MMC), expand Web Sites, right-click the Default Web Site, select New, and then select Virtual Directory.

2)      Provide the following information to the Virtual Directory Creation Wizard:

a.       Alias: IISADMPWD

b.      Path: %systemroot%\System32\Inetsrv\Iisadmpwd

c.       Permissions: allow both Read and Run Script privileges.

3)      Optional: Configure the IISADMPWD virtual directory to use Integrated Authentication and/or Basic Authentication and disable Anonymous Access.

a.       This has the added benefit of automatically populating the Domain and User name fields used in the web site.

4)      Set the PasswordChangeFlags value in the IIS metabase:

a.       From a command prompt, change to the C:\Inetpub\Adminscripts directory.

b.      Type the following command:

i.      cscript adsutil.vbs set w3svc/1/PasswordChangeFlags [value]

1.      w3svc/1 represents the Default Web Site

2.      [value] can be set to one of the following options:

0 - SSL connection required
1 - Password changing allowed on non-secure ports.
2 - Password changing disabled.
3 - Password changing disabled. (Undocumented)
4 - Advance notification of password expiration disabled.

5)      To change passwords for local accounts, visit:

a.       http[s]://[server address]/iisadmpwd/aexp2.asp

6)      To change passwords for domain accounts, visit:

a.       http[s]://[server address]/iisadmpwd/aexp2b.asp

 

Using IISADMPWD without an SSL connection sends the credentials over the network in clear text.  For this reason it is recommended that you use IISADMPWD over an SSL connection.

If you are using HTTP and/or ports other than the standard ones (80/443), you need to edit the ASP redirection to achg.asp in aexp2.asp or aexp2b.asp.

Example:

<form method="POST" action="http://<%=Server.HTMLEncode(Request.ServerVariables("SERVER_NAME"))%>:8080/iisadmpwd/achg.asp?<%=Server.HTMLEncode(Request.QueryString)%>">

 

A better solution is to use a relative path, as shown here, together with the default HTTP and HTTPS ports.

<form method="POST" action="/iisadmpwd/achg.asp?<%=Server.HTMLEncode(Request.QueryString)%>">

 

Note: Using relative paths with HTTPS will remove the added security prompts. The security prompt occurs because IE interprets the hard-coded https:// as a new path even if it is going to the same server.
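
Added example (not part of the original article or of the IISADMPWD scripts): a small Python audit that reads the form tag in aexp2.asp or aexp2b.asp, works out whether the password is posted to achg.asp over a hard-coded http://, a hard-coded https:// or a relative path, and compares that with the PasswordChangeFlags value listed above. The function names and verdict labels are assumptions made for this example; the two sample form tags are the ones shown in this article.

```python
import re
from urllib.parse import urlsplit

# The two form tags shown in this article, used as sample input.
HTTP_FORM = ('<form method="POST" action="http://<%=Server.HTMLEncode('
             'Request.ServerVariables("SERVER_NAME"))%>:8080/iisadmpwd/achg.asp'
             '?<%=Server.HTMLEncode(Request.QueryString)%>">')
RELATIVE_FORM = ('<form method="POST" action="/iisadmpwd/achg.asp'
                 '?<%=Server.HTMLEncode(Request.QueryString)%>">')

# Inline ASP blocks contain double quotes and '>' characters, so they are
# masked before the action="..." attribute is matched.
ASP_BLOCK = re.compile(r"<%.*?%>", re.S)
FORM_ACTION = re.compile(r'<form\b[^>]*?\baction\s*=\s*"([^"]*)"', re.I | re.S)


def classify_action(action):
    """Classify a form action (ASP already masked) by its scheme."""
    scheme = urlsplit(action).scheme.lower()
    if not scheme:
        return "relative"        # inherits scheme and port of the loaded page
    return "absolute-https" if scheme == "https" else "absolute-http"


def audit_page(asp_source, password_change_flags):
    """Return (kind, verdict) for each form in the page that posts to achg.asp."""
    findings = []
    for action in FORM_ACTION.findall(ASP_BLOCK.sub("ASP", asp_source)):
        if "achg.asp" not in action.lower():
            continue
        kind = classify_action(action)
        if password_change_flags in (2, 3):
            verdict = "disabled"     # values 2 and 3: password changing disabled
        elif password_change_flags not in (0, 1):
            verdict = "unspecified"  # article states no transport rule for it
        elif kind == "absolute-http" and password_change_flags == 0:
            verdict = "conflict"     # value 0 requires SSL, form posts over HTTP
        elif kind == "absolute-http":
            verdict = "cleartext"    # credentials cross the network unencrypted
        elif kind == "relative" and password_change_flags == 1:
            verdict = "depends-on-page-scheme"  # safe only if opened via HTTPS
        else:
            verdict = "ok"
        findings.append((kind, verdict))
    return findings


if __name__ == "__main__":
    for flags in (0, 1):
        for name, form in (("http", HTTP_FORM), ("relative", RELATIVE_FORM)):
            print(flags, name, audit_page(form, flags))
```

Run it against the contents of the edited ASP files after any change to the form action; a "cleartext" or "conflict" verdict means the hard-coded http:// action needs to be replaced.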

 

Common Issues:

1)      Error number -2147024891 when changing a user password.

a.       The "User cannot change password" option is checked.

 

More Information:

IISADMPWD Virtual Directory Is Not Created During a Default Install of IIS 6.0

 

IISADMPWD Virtual Directory Is Not Created During Clean Install of IIS 5.0

Article ID: 220, Created On: 9/18/2011, Modified: 10/18/2011