Misreply.org

First of all, I bet most of you are wondering what the hell IISADMPWD even is. Well, basically it’s a tool built into Windows 2000+ and IIS that allows password changes over the web. You go to a webpage, type in your username, current password, and new password, and it updates your information using ASP. This works on local workstations, domain accounts, you name it. It’s quite awesome.

I wish I had known about this tool two years ago, when I was asked if there was any way for VPN users to change their domain passwords (which they used to authenticate to the VPN) remotely, without having to be on the domain.

Setting it up is pretty easy, but it’s not really documented very well anywhere. A bunch of websites reference it as a tool to use for this purpose, but most just leave it at that; Microsoft tells you how it works, but not how to get it running initially. Well…here is how to get it running…after the jump:

1. Install IIS and ASP.NET
2. Go to Administrative Tools – IIS Manager
3. Click on “Web Service Extensions”
4. Make sure Active Server Pages and ASP.NET are both “Allowed”
5. Expand “Web Sites”
6. Right click on “Default Web Site” and select properties.
7. Under the “Home Directory” tab, make sure that the following are checked
a. Script Source Access
b. Read
8. Next to “Execute Permissions”, set it to ‘Scripts and Executables”
9. Click OK…if it asks about Child Nodes…click “Select All” then click OK
10. Right Click on “Default Website” , go to New, then click “Virtual Directory”
11. Click Next
12. For Alias, name it “iisadmpwd”…click Next
13. For Path: put in “C:\WINDOWS\system32\inetsrv\iisadmpwd”
14. Click Next
15. Check Read, Run Scripts and Execute
16. Click Next, then Finish
17. Go to Start – Run and type in “regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll” then click OK.
18. Open up My Computer, and navigate to c:\inetpub\adminscripts
19. Doubleclick on adsutil.vbs
20. It will come back with a message that says “The script does not work with WScript”, click OK….if it does not, it means that CScript has already been set as the default VBScript handler.
21. It will then ask if you want to register Script as the default host for VBScript…click YES
22. It will say that I successfully registered CScript…click OK
23. Open up a Command Prompt window
24. Navigate to the c:\inetpub\adminscripts directory (cd c:\inetpub\adminscripts)
25. Type “adsutil.vbs set w3svc /1/PasswordChangeFlags 1” and hit enter
26. It will verify the change.
27. Restart IIS

Note: If this is being installed on a server that cannot run the application on port 80 for any reason, then the files must be edited in notepad manually to reflect the new port. You can also change the text of the initial screen by editing the c:\windows\system32\inetsrv\iisadmpwd\aexp3.asp file in a text editor.

You can also edit all the text that appears on the page by editing text.asp

Then to actually access it, go to http://SERVERNAME/iisadmpwd/aexp3.asp to see the page. There is no index file, so going to just the directory will yield an error.

Have fun, and grab a homebrew as you pat yourself on the back.

Be Sociable, Share!

•