Registry hack lets OWA users reset their passwords

Most Exchange Server administrators probably don’t spend much time thinking about resetting passwords, possibly because there’s nothing overly complex about the process involved. Still, problems do occur, especially when Outlook Web Access passwords expire. Editing the registry lets users fix this problem themselves -- without having to call help desk.

If a user’s password has expired, OWA won’t let him log on or give him a chance to change his password -- even after the Exchange Server 2010 SP1 rollup. In Figure 1, you’ll notice that when a user with an expired password attempts to log into Outlook Web App, Exchange denies the user access and produces a misleading error message. Instead of informing the user that his password has expired, OWA states that the user has entered either his username or password incorrectly.

This was first published in November 2010.


Figure 1. OWA does not actually inform the user that his password has expired.

Depending on which version of Exchange you’re running, you can solve this problem using a registry hack. When Microsoft released Exchange Server 2007 SP3, it included an option to allow users to reset passwords from the OWA logon screen.

Since then, Microsoft has disabled this option, and OWA enables the password-changing functionality only when the following registry hack is in place. Microsoft eliminated this functionality in the RTM release of Exchange Server 2010, but brought it back in Exchange 2010 SP1.

Warning: Before I explain the registry hack, remember that editing your registry can be dangerous. Be sure to make a full backup of your client access server (CAS) before attempting the hack.

Performing the registry hack to enable password resets
Open the Registry Editor on your CAS and navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA. Then create a new DWORD value. The Registry Editor will ask if you want to create a 32-bit or a 64-bit DWORD value. Even though Exchange Server 2010 is a 64-bit application, you must create a 32-bit DWORD value for this method to work.

Name the new DWORD value ChangeExpiredPasswordEnabled (Figure 2) and assign it a value of 1. If you ever want to disable this hack, you can either delete the ChangeExpiredPasswordEnabled value or change it to 0.


Figure 2. To enable the registry hack, create a 32-bit DWORD value and name it ChangeExpiredPasswordEnabled.

After you create the registry entry, you’ll need to either reboot your CAS or reset IIS. To reset IIS, open a command prompt window and enter the following command: IISRESET /NoForce (Figure 3).


Figure 3. To apply the registry entry, reset IIS using the IISRESET /NoForce command.

Once you’ve reset the server, users with expired passwords will be allowed to access OWA. If a user with an expired password attempts to log into OWA, the system will display a screen giving him the opportunity to reset his password and use OWA (Figure 4).


Figure 4. Users can reset their expired Outlook Web Access passwords.
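
The same procedure as a repeatable script, added here as an example and not part of the original article: it exports the key, writes the 32-bit DWORD, verifies the type and data, then resets IIS. The key path, value name and IISRESET /NoForce come from the steps above; the backup directory and the -Disable switch are assumptions, and the key export does not replace the full CAS backup.

```powershell
# Added example: enable or disable the OWA expired-password change page on a CAS.
# Run in an elevated PowerShell session on the client access server.
param(
    [switch]$Disable,                                   # roll back: set the value to 0
    [string]$BackupDir = "$env:SystemDrive\RegBackup"   # assumed backup location
)

$ErrorActionPreference = 'Stop'
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$regExeKey = 'HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$valueName = 'ChangeExpiredPasswordEnabled'
$desired   = if ($Disable) { 0 } else { 1 }

if (-not (Test-Path -Path $keyPath)) {
    throw "Key not found: $keyPath. Is this a client access server?"
}

# Export the key before touching it so the change can be reverted with 'reg import'.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ("MSExchangeOWA-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $regExeKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed; no changes made." }

# -PropertyType DWord creates the 32-bit value the article calls for (not QWord).
# -Force overwrites an existing value that has the wrong type or data.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value $desired -Force | Out-Null

# Read the value back and verify both its data and its type.
$key  = Get-Item -Path $keyPath
$data = $key.GetValue($valueName)
$kind = $key.GetValueKind($valueName)
if ($data -ne $desired -or $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    throw "Verification failed: $valueName = $data ($kind)"
}
Write-Host "$valueName = $data ($kind); backup: $backup"

# The setting takes effect after IIS restarts (or after a reboot).
& iisreset.exe /noforce
if ($LASTEXITCODE -ne 0) {
    Write-Warning "iisreset exited with $LASTEXITCODE; restart IIS or reboot the CAS."
}
```

Running it with -Disable writes 0 instead of 1, which matches the rollback described above.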

ABOUT THE AUTHOR
Brien M. Posey, MCSE, is a seven-time Microsoft MVP for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. For more information visit www.brienposey.com.
