IIS Server Security - Question: Security concerns enabling iisadmpwd for PWD change?

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > April 2006 > Question: Security concerns enabling iisadmpwd for PWD change?





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Question: Security concerns enabling iisadmpwd for PWD change?
Bluehades

2006-04-27, 7:52 am

Hello's
We are in the process of evaluating whether to enable password change via
IIS on our Intranet site which is accessible to the outside world after
presenting valid Domain credentials.
What security concerns should i be aware of by turning on the Enable
password change property in the IIS metabase?

Many thanks for your help.
Miha Pihler [MVP]

2006-04-27, 7:52 am

Hi,

Make sure that change is done over secure channel (SSL). Also note that if
user's password expired, he/she will not be able to access the iisadmpwd
tool if you require username/password to access iisadmpwd tool.

--
Mike
Microsoft MVP - Windows Security


"Bluehades" <Bluehades@discussions.microsoft.com> wrote in message
news:0DDF35E4-CCE9-455D-930E-D60F964DA6AA@microsoft.com...
> Hello's
> We are in the process of evaluating whether to enable password change via
> IIS on our Intranet site which is accessible to the outside world after
> presenting valid Domain credentials.
> What security concerns should i be aware of by turning on the Enable
> password change property in the IIS metabase?
>
> Many thanks for your help.


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com