Tip

You can change passwords through Outlook Web Access

Exchange Server 5.5 and 2000's Outlook Web Access (OWA) allows clients to read Exchange-based e-mail through a web browser. By default, OWA does not allow users to change domain passwords in IIS 5.0, as a way of further securing OWA and domain accounts against attacks.

If you are confident that your security is robust (for instance, if you only allow access to OWA through a VPN, and have strong password rules), you can enable password-changing through OWA. Here's how:

1. Open the directory %Systemroot%System32InetsrvIisadmpwd and verify that there are nine (9) files with the extension .HTR in that directory. Note that the Inetsrv directory may not be in %Systemroot%System32, but it is typically created there by default when IIS is installed.

2. Create a new virtual directory in the default IIS web site (the one that governs OWA access). The virtual directory should have an alias of IISADMPWD and should have a physical location that matches the Iisadmpwd directory above.

3. Set the Read, Run Script and Execute Access privileges on the IISADMPWD virtual directory.

Note that the IISADMPWD will require a secure sockets layer (SSL) connection to work, to prevent submitting information across the Internet in cleartext. You may need to install a server certificate in IIS to make SSL work, if one isn't installed already. You can either use one provided by a third party or generate a certificate with Microsoft Certificate Services 2.0 (including with Windows 2000 Server).

    Requires Free Membership to View

If you set the IISADMPWD virtual directory to use NTLM authentication and have clients who use IE 5.0-5.5, there can be authentication conflicts. To avoid this problem, either turn off NTLM authentication on the directory or use IE 6.0 or higher If you must use NTLM authentication with IE 5.x clients, you will need to add or change a DWORD Registry key on the client to make NTLM authentication work correctly here. The key is named DisableNTLMPreAuth and is found in HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/. Set the value of the key to 1.

Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter.

This was first published in March 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.