IIS Server Security - IISAdmPwd

Rob Edwards

2004-01-28, 4:36 am

After acquiring several new companies.
They are still logging on to their own domains (not members of our forest)

We want them to be able to access Intranet sites.... their AD accounts have
been created with the default "User must change password on next logon"

They are not logging on to our domain.... so I want to give them the
opportunity to change their password via a web page.

I have been looking into IISAdmPwd...

I created the web site and assigned the virtual directory (on a Windows 2003
server IIS 6)

There was a Q article (Q269082) I found that generally outlined the
procedure... the problem is if I go to the achg.asp page... I receive a
message that the page cannot be displayed.

Question 1. Is this the best way to solve the password problem for these
users?
Question 2. Is there any documentation (other than the Q article) that
describes the setup of IISAdmPwd? Specifically, what security settings are
necessary for the pages to display properly?

Thanks


Wei-Dong Xu [MSFT]

2004-01-28, 4:34 pm

Hi Rob,

Thanks for posting in the community!

From my understanding, you have created some accounts in your own forest
for the users from other domains. They will need to modify their password
at the first logon time which is restricted by the policy. However, you are
not going to let them change the password at the first logon time to your
forest, perhaps due to some restrictions or some special restrictions. You
have created one IISAdmPWD virtual directory to use the IIS changing
password script files to provide the web interface for the users to change
the password. However, when you go to the achg.asp file, the "the page
cannot be displayed" error stopped you.

The directory "IISAdmPWD" will be installed by default in the folder
"%windir%\system32\inetsrv\" in IIS6. You can directly create one new
virtual directory in one web site to point to that folder. You will need to
grant the "Directory browsing" permission to this virtual directory so
that these asp files will be listed for you when you first visit the virtual
directory, such as http://MyBox/IISAdmPWD/, because there is no
default-named page in this directory. After that, you can visit the virtual
directory directly to change the password.

Based on my experience, I'd suggest you visit the anot3.asp page at
first and then click the ok button to browse the aexp4.asp which will
supply the textboxes for the users to modify their password. They can
input the username in the format:
<machine name or domain name>\<username>

After all the inputting, click ok to update the password. The aexp4.asp
page calls the achg.asp file to update the password for the specified user.

If IE returns "the page cannot be displayed" error for you, I'd suggest we
can troubleshoot this issue in three ways:
1) check whether asp is supported in the web service node of IIS mmc. If
not, please enable it
2) enable the asp client and server side debugging supports in the Virtual
directory properties window. Please click the "Configuration..." button in
the "Virtual Directory" tab and then select "Debugging" tab of the pop-up
"Application Configuration" window. Choose the "Enable Asp Server..." and
"Enable Asp Client..." items which will enable the client and server
debugging for Asp. Click ok to exit. After that, please visit the anot3.asp
and then try to update one user's password to see what error is returned in
the web page.
3) disable the "Display friendly http error message" item in
IE->Tools->Internet Options->Advanced->Settings->Browsing", then try to
access the asp file to see what error is returned.

It will be appreciated if you tell me the troubleshooting result.

From IIS side, I think these scripts will help you a lot to change the user
password. If you prefer to use the asp file directly, you may need to use
SSL to build one secure connection to the client so that the user name and
password will be encrypted in the whole connection. This way, you can
provide one secure service for the users from other domain through the
public internet. However, if using SSL, I'd suggest you check and test the
script codes to see which part should be modified for the SSL scenario, for
the script only considers the normal internet connection.

Another way, you can also use ADSI object to build one changing-password asp
page for the users. The IISAdmPWD will provide some assistance for you on
creating a new one. The reference to the interface "IADsUser" can help you
to modify the user password. There is more information on this interface
from Microsoft.com, please visit:
IADsUser
http://msdn.microsoft.com/library/d...-us/adsi/adsi/iadsuser.asp
There is also one changing password sample from Microsoft.com. Please go to:
IADsUser::ChangePassword
http://msdn.microsoft.com/library/d...-us/adsi/adsi/iadsuser_changepassword.asp

Furthermore, from my view, I'd suggest you can tell these users from other
domain to log in to your domain in Terminal service through RAS or VPN to
change the password directly when they first log in. After they log in,
you can configure the Terminal service server to display one welcome
message for them and provide no application or menu for them. This is
purely one server providing the changing-password service. You will need to
write logon script to provide this service.

In addition, so far as I know, the kb article Q269082 introduces the
configuration of IISAdmPWD in IIS5. I don't think there is one article for
the configuration in IIS6. You can follow my suggestion above to configure
the IISAdmPWD. From my experience, we will not have to modify the metabase
in IIS6, to directly create one new virtual directory and enable asp support
is enough.

Please feel free to let me know if you have any further questions. I am
standing by to be of assistance.

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
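
As an added example (not code from this thread and not Microsoft's IISAdmPwd scripts): a classic ASP page that takes the ADSI route mentioned in the reply, calling IADsUser::ChangePassword through the WinNT provider and refusing to handle credentials unless the request arrived over SSL. The form field names and the name-validation pattern are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example; form field names and the validation pattern are assumptions.
Dim msg, dom, usr, oldPwd, newPwd, newPwd2, re, objUser
msg = ""
' Refuse to accept credentials over plain HTTP.
If LCase(Request.ServerVariables("HTTPS")) <> "on" Then
    Response.Status = "403 Forbidden"
    Response.Write "This page must be requested over HTTPS."
    Response.End
End If
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    dom = Trim(Request.Form("domain")) : usr = Trim(Request.Form("username"))
    oldPwd = Request.Form("oldpwd") : newPwd = Request.Form("newpwd")
    newPwd2 = Request.Form("newpwd2")
    ' Allow only plain domain/account names so input cannot alter the ADsPath.
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,64}$"
    If Not (re.Test(dom) And re.Test(usr)) Then
        msg = "Invalid domain or user name."
    ElseIf newPwd <> newPwd2 Then
        msg = "New passwords do not match."
    Else
        On Error Resume Next
        Set objUser = GetObject("WinNT://" & dom & "/" & usr & ",user")
        ' ChangePassword needs the current password, so the caller proves ownership.
        If Err.Number = 0 Then objUser.ChangePassword oldPwd, newPwd
        ' One message for every failure: do not reveal whether the account exists.
        If Err.Number = 0 Then msg = "Password changed." Else msg = "Password change failed."
        Err.Clear
        On Error GoTo 0
    End If
End If
%>
<html><body>
<p><%= Server.HTMLEncode(msg) %></p>
<form method="post" autocomplete="off">
  Domain: <input name="domain"><br>
  User: <input name="username"><br>
  Old password: <input type="password" name="oldpwd"><br>
  New password: <input type="password" name="newpwd"><br>
  Confirm: <input type="password" name="newpwd2"><br>
  <input type="submit" value="Change password">
</form>
</body></html>
```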
