IISADMPWD/README.md
2026-03-10 06:35:32 +00:00

# IISADMPWD Active Directory Password Change Portal for Modern Windows Server
This project restores the classic **IISADMPWD password change functionality** on modern Windows Server versions (2008/2012/2016/2019/2022+) and provides a slightly modernized UI.
It allows domain users to **change their Active Directory password through a web portal**.
Microsoft deprecated this feature after **IIS 6**, so it is no longer available in clean Windows Server installations. This repository provides the required files and instructions to restore the functionality.
## Features
- Active Directory password change via web UI
- Compatible with modern Windows Server versions
- Works behind reverse proxies such as Caddy, Nginx, and Traefik
- Updated UI with a more modern look
- Lightweight, with no external dependencies
- No visible internal IIS path required for end users
## Architecture Example
```text
User
https://password.example.com
Reverse Proxy (Caddy / Nginx / Traefik)
IIS Server
/reset-password
```
External users only see:
```text
https://password.example.com
```
The internal IIS path remains hidden.
## Installation
### 1. Copy the files
Copy the repository contents to your IIS server:
```text
C:\inetpub\wwwroot\reset-password
```
The folder structure should look similar to:
```text
reset-password
├─ aexp2.htr
├─ aexp2b.htr
├─ aexp3.htr
├─ aexp4b.asp
├─ achg.asp
├─ achg.htr
├─ iisadmpwd.htr
└─ iispwchg.dll
```
### 2. Register the password change DLL
Open an **elevated command prompt** and run:
```cmd
regsvr32 C:\inetpub\wwwroot\reset-password\iispwchg.dll
```
You should receive a success message similar to:
```text
DllRegisterServer in iispwchg.dll succeeded
```
### 3. Enable password change functionality
Navigate to the IIS AdminScripts directory:
```cmd
cd C:\Inetpub\Adminscripts
```
Then run:
```cmd
cscript adsutil.vbs set w3svc/passwordchangeflags 0
```
#### PasswordChangeFlags values
| Value | Description |
|------:|-------------|
| 0 | Default password changes enabled |
| 1 | Allow password changes without SSL |
| 2 | Disable password change |
| 4 | Disable password expiration notifications |
Recommended value:
```text
0
```
### 4. Enable Classic ASP
This application requires **Classic ASP**.
Install the feature using PowerShell:
```powershell
Install-WindowsFeature Web-ASP
```
Or via **Server Manager**:
```text
Web Server
→ Application Development
→ Classic ASP
```
### 5. Create the IIS application
Open **IIS Manager** and navigate to:
```text
Sites
→ Default Web Site
```
Right click **Default Web Site** and select **Add Application**.
Use the following values:
**Alias**
```text
reset-password
```
**Physical Path**
```text
C:\inetpub\wwwroot\reset-password
```
**Application Pool**
```text
DefaultAppPool
```
Click **OK**.
### 6. Restart IIS
```cmd
iisreset
```
## Local Test
Open one of the following URLs in your browser:
```text
http://SERVER/reset-password
```
or
```text
http://SERVER/reset-password/aexp4b.asp
```
## Reverse Proxy Example (Caddy)
This example exposes the portal at:
```text
https://password.example.com
```
while internally running under:
```text
/reset-password
```
Example Caddy configuration:
```caddy
password.example.com {
    handle {
        rewrite * /reset-password{uri}
        reverse_proxy <ip-address>:80 {
            header_up Host {host}
            header_up X-Forwarded-Host {host}
            header_up X-Forwarded-Proto https
            header_up X-Forwarded-Port 443
            header_up X-Forwarded-For {remote_host}
        }
    }
}
```
Users only access:
```text
https://password.example.com
```
## Security Notes
- Always place the portal behind **HTTPS**
- Prefer a reverse proxy with **TLS termination**
- Consider restricting access to **internal networks or VPN**
- Do not expose the portal publicly without proper access controls
## Supported Windows Versions
Tested with:
- Windows Server 2012
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
## Disclaimer
This project restores functionality from deprecated IIS components originally shipped with **Windows Server 2003**.
Use at your own risk.
## License
Provided as-is for educational and administrative purposes.