Change Filetype
This commit is contained in:
243
README.md
Normal file
243
README.md
Normal file
@@ -0,0 +1,243 @@
|
||||
# IISADMPWD – Active Directory Password Change Portal for Modern Windows Server
|
||||
|
||||
This project restores the classic **IISADMPWD password change functionality** on modern Windows Server versions (2008/2012/2016/2019/2022+) and provides a slightly modernized UI.
|
||||
|
||||
It allows domain users to **change their Active Directory password through a web portal**.
|
||||
|
||||
Microsoft deprecated this feature after **IIS 6**, so it is no longer available in clean Windows Server installations. This repository provides the required files and instructions to restore the functionality.
|
||||
|
||||
## Features
|
||||
|
||||
- Active Directory password change via web UI
|
||||
- Compatible with modern Windows Server versions
|
||||
- Works behind reverse proxies such as Caddy, Nginx, and Traefik
|
||||
- Updated UI with a more modern look
|
||||
- Lightweight, with no external dependencies
|
||||
- No visible internal IIS path required for end users
|
||||
|
||||
## Architecture Example
|
||||
|
||||
```text
|
||||
User
|
||||
│
|
||||
▼
|
||||
https://password.example.com
|
||||
│
|
||||
▼
|
||||
Reverse Proxy (Caddy / Nginx / Traefik)
|
||||
│
|
||||
▼
|
||||
IIS Server
|
||||
/reset-password
|
||||
```
|
||||
|
||||
External users only see:
|
||||
|
||||
```text
|
||||
https://password.example.com
|
||||
```
|
||||
|
||||
The internal IIS path remains hidden.
|
||||
|
||||
## Installation
|
||||
|
||||
### 1. Copy the files
|
||||
|
||||
Copy the repository contents to your IIS server:
|
||||
|
||||
```text
|
||||
C:\inetpub\wwwroot\reset-password
|
||||
```
|
||||
|
||||
The folder structure should look similar to:
|
||||
|
||||
```text
|
||||
reset-password
|
||||
├─ aexp2.htr
|
||||
├─ aexp2b.htr
|
||||
├─ aexp3.htr
|
||||
├─ aexp4b.asp
|
||||
├─ achg.asp
|
||||
├─ achg.htr
|
||||
├─ iisadmpwd.htr
|
||||
└─ iispwchg.dll
|
||||
```
|
||||
|
||||
### 2. Register the password change DLL
|
||||
|
||||
Open an **elevated command prompt** and run:
|
||||
|
||||
```cmd
|
||||
regsvr32 C:\inetpub\wwwroot\reset-password\iispwchg.dll
|
||||
```
|
||||
|
||||
You should receive a success message similar to:
|
||||
|
||||
```text
|
||||
DllRegisterServer in iispwchg.dll succeeded
|
||||
```
|
||||
|
||||
### 3. Enable password change functionality
|
||||
|
||||
Navigate to the IIS AdminScripts directory:
|
||||
|
||||
```cmd
|
||||
cd C:\Inetpub\Adminscripts
|
||||
```
|
||||
|
||||
Then run:
|
||||
|
||||
```cmd
|
||||
cscript adsutil.vbs set w3svc/passwordchangeflags 0
|
||||
```
|
||||
|
||||
#### PasswordChangeFlags values
|
||||
|
||||
| Value | Description |
|
||||
|------:|-------------|
|
||||
| 0 | Default – password changes enabled |
|
||||
| 1 | Allow password changes without SSL |
|
||||
| 2 | Disable password change |
|
||||
| 4 | Disable password expiration notifications |
|
||||
|
||||
Recommended value:
|
||||
|
||||
```text
|
||||
0
|
||||
```
|
||||
|
||||
### 4. Enable Classic ASP
|
||||
|
||||
This application requires **Classic ASP**.
|
||||
|
||||
Install the feature using PowerShell:
|
||||
|
||||
```powershell
|
||||
Install-WindowsFeature Web-ASP
|
||||
```
|
||||
|
||||
Or via **Server Manager**:
|
||||
|
||||
```text
|
||||
Web Server
|
||||
→ Application Development
|
||||
→ Classic ASP
|
||||
```
|
||||
|
||||
### 5. Create the IIS application
|
||||
|
||||
Open **IIS Manager** and navigate to:
|
||||
|
||||
```text
|
||||
Sites
|
||||
→ Default Web Site
|
||||
```
|
||||
|
||||
Right click **Default Web Site** and select **Add Application**.
|
||||
|
||||
Use the following values:
|
||||
|
||||
**Alias**
|
||||
|
||||
```text
|
||||
reset-password
|
||||
```
|
||||
|
||||
**Physical Path**
|
||||
|
||||
```text
|
||||
C:\inetpub\wwwroot\reset-password
|
||||
```
|
||||
|
||||
**Application Pool**
|
||||
|
||||
```text
|
||||
DefaultAppPool
|
||||
```
|
||||
|
||||
Click **OK**.
|
||||
|
||||
### 6. Restart IIS
|
||||
|
||||
```cmd
|
||||
iisreset
|
||||
```
|
||||
|
||||
## Local Test
|
||||
|
||||
Open one of the following URLs in your browser:
|
||||
|
||||
```text
|
||||
http://SERVER/reset-password
|
||||
```
|
||||
|
||||
or
|
||||
|
||||
```text
|
||||
http://SERVER/reset-password/aexp4b.asp
|
||||
```
|
||||
|
||||
## Reverse Proxy Example (Caddy)
|
||||
|
||||
This example exposes the portal at:
|
||||
|
||||
```text
|
||||
https://password.example.com
|
||||
```
|
||||
|
||||
while internally running under:
|
||||
|
||||
```text
|
||||
/reset-password
|
||||
```
|
||||
|
||||
Example Caddy configuration:
|
||||
|
||||
```caddy
|
||||
password.example.com {
|
||||
handle {
|
||||
rewrite * /reset-password{uri}
|
||||
|
||||
reverse_proxy <ip-address>:80 {
|
||||
header_up Host {host}
|
||||
header_up X-Forwarded-Host {host}
|
||||
header_up X-Forwarded-Proto https
|
||||
header_up X-Forwarded-Port 443
|
||||
header_up X-Forwarded-For {remote_host}
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Users only access:
|
||||
|
||||
```text
|
||||
https://password.example.com
|
||||
```
|
||||
|
||||
## Security Notes
|
||||
|
||||
- Always place the portal behind **HTTPS**
|
||||
- Prefer a reverse proxy with **TLS termination**
|
||||
- Consider restricting access to **internal networks or VPN**
|
||||
- Do not expose the portal publicly without proper access controls
|
||||
|
||||
## Supported Windows Versions
|
||||
|
||||
Tested with:
|
||||
|
||||
- Windows Server 2012
|
||||
- Windows Server 2016
|
||||
- Windows Server 2019
|
||||
- Windows Server 2022
|
||||
|
||||
## Disclaimer
|
||||
|
||||
This project restores functionality from deprecated IIS components originally shipped with **Windows Server 2003**.
|
||||
|
||||
Use at your own risk.
|
||||
|
||||
## License
|
||||
|
||||
Provided as-is for educational and administrative purposes.
|
||||
|
||||
Reference in New Issue
Block a user