diff --git a/README.txt b/README.txt index 7ef3155..093a0c3 100644 --- a/README.txt +++ b/README.txt 
@@ -1 +1,243 @@ -Modern UI with edited Paths for the Reverse Proxy. +# IISADMPWD – Active Directory Password Change Portal for Modern Windows Server + +This project restores the classic **IISADMPWD password change functionality** on modern Windows Server versions (2008/2012/2016/2019/2022+) and provides a slightly modernized UI. + +It allows domain users to **change their Active Directory password through a web portal**. + +Microsoft deprecated this feature after **IIS 6**, so it is no longer available in clean Windows Server installations. This repository provides the required files and instructions to restore the functionality. + +## Features + +- Active Directory password change via web UI +- Compatible with modern Windows Server versions +- Works behind reverse proxies such as Caddy, Nginx, and Traefik +- Updated UI with a more modern look +- Lightweight, with no external dependencies +- No visible internal IIS path required for end users + +## Architecture Example + +```text +User + │ + ▼ +https://password.example.com + │ + ▼ +Reverse Proxy (Caddy / Nginx / Traefik) + │ + ▼ +IIS Server +/reset-password +``` + +External users only see: + +```text +https://password.example.com +``` + +The internal IIS path remains hidden. + +## Installation + +### 1. Copy the files + +Copy the repository contents to your IIS server: + +```text +C:\inetpub\wwwroot\reset-password +``` + +The folder structure should look similar to: + +```text +reset-password + ├─ aexp2.htr + ├─ aexp2b.htr + ├─ aexp3.htr + ├─ aexp4b.asp + ├─ achg.asp + ├─ achg.htr + ├─ iisadmpwd.htr + └─ iispwchg.dll +``` + +### 2. Register the password change DLL + +Open an **elevated command prompt** and run: + +```cmd +regsvr32 C:\inetpub\wwwroot\reset-password\iispwchg.dll +``` + +You should receive a success message similar to: + +```text +DllRegisterServer in iispwchg.dll succeeded +``` + +### 3. 
Enable password change functionality + +Navigate to the IIS AdminScripts directory: + +```cmd +cd C:\Inetpub\Adminscripts +``` + +Then run: + +```cmd +cscript adsutil.vbs set w3svc/passwordchangeflags 0 +``` + +#### PasswordChangeFlags values + +| Value | Description | +|------:|-------------| +| 0 | Default – password changes enabled | +| 1 | Allow password changes without SSL | +| 2 | Disable password change | +| 4 | Disable password expiration notifications | + +Recommended value: + +```text +0 +``` + +### 4. Enable Classic ASP + +This application requires **Classic ASP**. + +Install the feature using PowerShell: + +```powershell +Install-WindowsFeature Web-ASP +``` + +Or via **Server Manager**: + +```text +Web Server + → Application Development + → Classic ASP +``` + +### 5. Create the IIS application + +Open **IIS Manager** and navigate to: + +```text +Sites + → Default Web Site +``` + +Right click **Default Web Site** and select **Add Application**. + +Use the following values: + +**Alias** + +```text +reset-password +``` + +**Physical Path** + +```text +C:\inetpub\wwwroot\reset-password +``` + +**Application Pool** + +```text +DefaultAppPool +``` + +Click **OK**. + +### 6. 
Restart IIS + +```cmd +iisreset +``` + +## Local Test + +Open one of the following URLs in your browser: + +```text +http://SERVER/reset-password +``` + +or + +```text +http://SERVER/reset-password/aexp4b.asp +``` + +## Reverse Proxy Example (Caddy) + +This example exposes the portal at: + +```text +https://password.example.com +``` + +while internally running under: + +```text +/reset-password +``` + +Example Caddy configuration: + +```caddy +password.example.com { + handle { + rewrite * /reset-password{uri} + + reverse_proxy :80 { + header_up Host {host} + header_up X-Forwarded-Host {host} + header_up X-Forwarded-Proto https + header_up X-Forwarded-Port 443 + header_up X-Forwarded-For {remote_host} + } + } +} +``` + +Users only access: + +```text +https://password.example.com +``` + +## Security Notes + +- Always place the portal behind **HTTPS** +- Prefer a reverse proxy with **TLS termination** +- Consider restricting access to **internal networks or VPN** +- Do not expose the portal publicly without proper access controls + +## Supported Windows Versions + +Tested with: + +- Windows Server 2012 +- Windows Server 2016 +- Windows Server 2019 +- Windows Server 2022 + +## Disclaimer + +This project restores functionality from deprecated IIS components originally shipped with **Windows Server 2003**. + +Use at your own risk. + +## License + +Provided as-is for educational and administrative purposes. +
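Review bot: In "### 2. Register the password change DLL", the README tells administrators to run `regsvr32` on the `iispwchg.dll` shipped in this repository, but it never says where that binary came from or how to verify it. Since this DLL will handle users' current and new Active Directory passwords, please document its origin (which Windows/IIS release it was taken from, and its file version) and publish a SHA-256 hash, with a verification step before registration. Separately, the PasswordChangeFlags table lists 1 as "Allow password changes without SSL", which implies the recommended value 0 requires SSL, yet "## Local Test" uses `http://SERVER/reset-password` and the Caddy example forwards to `reverse_proxy :80`. The README should state whether the portal works over plain HTTP with flag 0. It should also note that the proxy-to-IIS hop in the Caddy example is unencrypted, so it should stay on loopback or use an HTTPS upstream when the proxy and IIS are on separate hosts, as the architecture diagram suggests.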