Discussion:
OWA password change?
(too old to reply)
BT
2003-12-25 14:57:34 UTC
Permalink
Raw Message
Hi, i've installed the Exchange 2003 server, but in the
OWA I can't change the password of the account. What do I
have to do?
Phil S.
2003-12-25 20:43:27 UTC
Permalink
Raw Message
BT:

Only if no one else replies,

I was referred to KB articles 328242, 321582, and 267596. I messed around
with these on a test lab set up, but couldn't get it to work through an ISA
server. The above articles do refer you to other KB articles.

best of luck

Phil S.
Post by BT
Hi, i've installed the Exchange 2003 server, but in the
OWA I can't change the password of the account. What do I
have to do?
n***@e.mail
2003-12-26 14:52:12 UTC
Permalink
Raw Message
Those are some good KB pointers, but unfortunately none of them
address adding change password functionality to Exchange 2003 OWA
running on IIS 6. Anyone done that?
Dejan Foro
2003-12-28 15:09:35 UTC
Permalink
Raw Message
New installs of Exchange 2003 will by default, not allow users to change
their passwords in Outlook Web Access.

The default setting is:



Location: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \
MSExchangeWEB \ OWA

Parameter: DisablePassword

Type: REG_DWORD

Value: 0x00000001



Set this registry parameter to 0x00000000
--
Dejan Foro
MCP, MCP+I, MCSE NT4.0, MCSE+I, MCSE 2000
Lead Exchange Architect
Infosistem
Microsoft Gold Certified Partner
Ivana Sibla 15
10000 Zagreb, Croatia
e-mail: ***@infosistem.hr
GSM: +385 91 6500 246
web: www.inet.hr/~fdejan
Post by n***@e.mail
Those are some good KB pointers, but unfortunately none of them
address adding change password functionality to Exchange 2003 OWA
running on IIS 6. Anyone done that?
n***@e.mail
2003-12-28 16:25:27 UTC
Permalink
Raw Message
Is this all that is needed? Are the ASPs and required virtual
directories already there on a fresh new E2K3 install?
Post by Dejan Foro
New installs of Exchange 2003 will by default, not allow users to change
their passwords in Outlook Web Access.
Location: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \
MSExchangeWEB \ OWA
Parameter: DisablePassword
Type: REG_DWORD
Value: 0x00000001
Set this registry parameter to 0x00000000
Rich Matheisen [MVP]
2003-12-28 20:16:14 UTC
Permalink
Raw Message
Post by n***@e.mail
Is this all that is needed? Are the ASPs and required virtual
directories already there on a fresh new E2K3 install?
E2K and E2K3 are dramatically different to Exchange 5.5. Gone is the
"OWA Server" of 5.5, replaced by the processing of HTTP by the
Information Store.

Upon installation, every E2K and E2K3 is a functioning "OWA" server.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
n***@e.mail
2003-12-28 23:39:14 UTC
Permalink
Raw Message
Hi, Rich .. (I'm posting anonymously, but this is Kevin) ..

I think you missed the thread subject. We're not talking about OWA,
but just the password change functionality within OWA.

I was responding to a post that said all one need do to enable
password change functionality in E2K3 OWA is the simple registry key.
Unless I'm missing something, one also has to put some ASP pieces on
the OWA front-end and create a virtual directory to enable this. There
are KB articles for how to enable password change in E2K OWA, but none
yet that I can find on E2k3 OWA.
Post by Rich Matheisen [MVP]
Post by n***@e.mail
Is this all that is needed? Are the ASPs and required virtual
directories already there on a fresh new E2K3 install?
E2K and E2K3 are dramatically different to Exchange 5.5. Gone is the
"OWA Server" of 5.5, replaced by the processing of HTTP by the
Information Store.
Upon installation, every E2K and E2K3 is a functioning "OWA" server.
Rich Matheisen [MVP]
2003-12-29 01:00:10 UTC
Permalink
Raw Message
Post by n***@e.mail
Hi, Rich .. (I'm posting anonymously, but this is Kevin) ..
I think you missed the thread subject. We're not talking about OWA,
but just the password change functionality within OWA.
I suppose I did. :)
Post by n***@e.mail
I was responding to a post that said all one need do to enable
password change functionality in E2K3 OWA is the simple registry key.
The old .htr stuff is still a part of W2K and it's installed in the
iisadmpwd directory.
Post by n***@e.mail
Unless I'm missing something, one also has to put some ASP pieces on
the OWA front-end and create a virtual directory to enable this.
The iisadmpwd directory is installed in W2K3, too. But the .htr junk
is replaced by the better .asp code.

Yes, you'll have to create the IIS virtual directory to make it work,
but all the pieces are there.

My preference has alays been to NOT enable this in OWA. It's bad
enough to have OWA exposed to the web, and leading folks to the change
password button is just nuts.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Kevin
2003-12-29 15:00:56 UTC
Permalink
Raw Message
If the user has already authenticated themselves using the existing
password, why would you consider it an additional security
vulnerability to allow them to change passwords?

We find that feature handy for a certain class of users .. some of our
folks in Latin America for example use the email services we provide
and that's it .. all they ever do is OWA. Yet, we insist they change
their passwords every x months. Having that functionality in OWA is
pretty handy.
Post by Rich Matheisen [MVP]
Post by n***@e.mail
Hi, Rich .. (I'm posting anonymously, but this is Kevin) ..
I think you missed the thread subject. We're not talking about OWA,
but just the password change functionality within OWA.
I suppose I did. :)
Post by n***@e.mail
I was responding to a post that said all one need do to enable
password change functionality in E2K3 OWA is the simple registry key.
The old .htr stuff is still a part of W2K and it's installed in the
iisadmpwd directory.
Post by n***@e.mail
Unless I'm missing something, one also has to put some ASP pieces on
the OWA front-end and create a virtual directory to enable this.
The iisadmpwd directory is installed in W2K3, too. But the .htr junk
is replaced by the better .asp code.
Yes, you'll have to create the IIS virtual directory to make it work,
but all the pieces are there.
My preference has alays been to NOT enable this in OWA. It's bad
enough to have OWA exposed to the web, and leading folks to the change
password button is just nuts.
Rich Matheisen [MVP]
2003-12-30 01:17:44 UTC
Permalink
Raw Message
Post by Kevin
If the user has already authenticated themselves using the existing
password, why would you consider it an additional security
vulnerability to allow them to change passwords?
Because a cracked account can be used to prevent the rightful user
from accessing anything by changing the password.

Do you Domain Admins have mailbox-enabled accounts? How about the
Enterprise Admins? System Operators? Account Operators? Imagine trying
to regain control of a hacked system if you can't log on! :)
Post by Kevin
We find that feature handy for a certain class of users .. some of our
folks in Latin America for example use the email services we provide
and that's it .. all they ever do is OWA.
Do you have any other users that DON'T have mailbox-enabled accounts
that also have the need to change passwords? How do they manage the
password changing?
Post by Kevin
Yet, we insist they change
their passwords every x months. Having that functionality in OWA is
pretty handy.
Whether it's good for you or not is all part of the risk assessment
process you went through to arrive at the decision to allow it. If the
benefit to you outweighs the risk then it's okay. Just make sure you
had identified all the risks. :)
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Phil S.
2003-12-29 00:10:52 UTC
Permalink
Raw Message
Dekan:

Thanks a lot for that tip.

I finally got everything working. Moving out of lab and onto live system by
New Year.

Thanks again (also to the exchange.org and isaserver.org people with
their cookbooks)

Phil S.
Post by Dejan Foro
New installs of Exchange 2003 will by default, not allow users to change
their passwords in Outlook Web Access.
Location: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \
MSExchangeWEB \ OWA
Parameter: DisablePassword
Type: REG_DWORD
Value: 0x00000001
Set this registry parameter to 0x00000000
--
Dejan Foro
MCP, MCP+I, MCSE NT4.0, MCSE+I, MCSE 2000
Lead Exchange Architect
Infosistem
Microsoft Gold Certified Partner
Ivana Sibla 15
10000 Zagreb, Croatia
GSM: +385 91 6500 246
web: www.inet.hr/~fdejan
Post by n***@e.mail
Those are some good KB pointers, but unfortunately none of them
address adding change password functionality to Exchange 2003 OWA
running on IIS 6. Anyone done that?
Jeff
2003-12-29 19:23:29 UTC
Permalink
Raw Message
Phil,

I've been dealing with this issue for most of the day and have gotten
nowhere. I have read all the MS KB article and most if not all deal with IIS
4 and 5, not 6.

You have any pointers on how you resolved this. I keep getting the "page
unavailable" error when I try to change passwords.

Thanks,
-jeff
Post by Phil S.
Thanks a lot for that tip.
I finally got everything working. Moving out of lab and onto live system by
New Year.
Thanks again (also to the exchange.org and isaserver.org people with
their cookbooks)
Phil S.
Post by Dejan Foro
New installs of Exchange 2003 will by default, not allow users to change
their passwords in Outlook Web Access.
Location: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \
MSExchangeWEB \ OWA
Parameter: DisablePassword
Type: REG_DWORD
Value: 0x00000001
Set this registry parameter to 0x00000000
--
Dejan Foro
MCP, MCP+I, MCSE NT4.0, MCSE+I, MCSE 2000
Lead Exchange Architect
Infosistem
Microsoft Gold Certified Partner
Ivana Sibla 15
10000 Zagreb, Croatia
GSM: +385 91 6500 246
web: www.inet.hr/~fdejan
Post by n***@e.mail
Those are some good KB pointers, but unfortunately none of them
address adding change password functionality to Exchange 2003 OWA
running on IIS 6. Anyone done that?
Phil S.
2003-12-29 23:10:50 UTC
Permalink
Raw Message
Jeff:

Put down the MS documents for a moment. You need to go to www.exchange.org
and also to www.isaserver.org From What I could find out, as far as OWA,
not much difference between IIS 6.0 and previous versions.

Look for a 5 part document by Tom Shinder on OWA Exchange 2003 and ISA
server 2000. These are really cookbooks with lots of pictures. Easy to
follow. (three parts are on exchange.org and two parts at the
isaserver.org site)

This works quite well with Windows Server 2003. Yes, I know it is really
aimed at the ISA Server people, however, the basics are there: SSL,
Certificates, 128bit encryption. I found it amazingly free of typo's. The
only short coming is, it is just a little weak on the case where an
enterprise certificate is on one machine and the Exchange server is getting
a subordinate certificate.

Then apply the MS documentation on the IIS virtual site for passwords. This
must be done exactly. Then do as Dejan suggested in the message thread
above.

For me, the three biggest hurdles were: 1) the light dawns on me that I need
a public address on my external NS server different from the regular web
site as in https://owa.mycompany.com and it will take 72 hours for this to
appear across the internet; 2) my internal dns system needs to be able to
translate owa.mycompany.com to an internal address, which I did using the
HOSTS file per Tom Shinder advise which is located in the small print;
and finally 3) that hidden registry entry that Dejan pointed out.

And I am doing this for only 3 people in the sales force when I could be
home with a beer and bad movies on the tube for the whole Xmas holidays.

LOL and I hope this helps

Phil S.
Post by Jeff
Phil,
I've been dealing with this issue for most of the day and have gotten
nowhere. I have read all the MS KB article and most if not all deal with IIS
4 and 5, not 6.
You have any pointers on how you resolved this. I keep getting the "page
unavailable" error when I try to change passwords.
Thanks,
-jeff
Post by Phil S.
Thanks a lot for that tip.
I finally got everything working. Moving out of lab and onto live
system
Post by Jeff
by
Post by Phil S.
New Year.
Thanks again (also to the exchange.org and isaserver.org people with
their cookbooks)
Phil S.
Post by Dejan Foro
New installs of Exchange 2003 will by default, not allow users to change
their passwords in Outlook Web Access.
Location: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \
MSExchangeWEB \ OWA
Parameter: DisablePassword
Type: REG_DWORD
Value: 0x00000001
Set this registry parameter to 0x00000000
--
Dejan Foro
MCP, MCP+I, MCSE NT4.0, MCSE+I, MCSE 2000
Lead Exchange Architect
Infosistem
Microsoft Gold Certified Partner
Ivana Sibla 15
10000 Zagreb, Croatia
GSM: +385 91 6500 246
web: www.inet.hr/~fdejan
Post by n***@e.mail
Those are some good KB pointers, but unfortunately none of them
address adding change password functionality to Exchange 2003 OWA
running on IIS 6. Anyone done that?
Jeff
2003-12-30 18:34:38 UTC
Permalink
Raw Message
Thanks for the info Phil. I'll check things out over the
next couple of days. Some of your comments are already
making me scratch my head, but I have already done
Dejan's reg update. It was a whole lot easier back in the
Exchange2000 days.

Now that you have it working you can have more than one
beer. Wish I was in your boat.

Thanks again,
-jeff
-----Original Message-----
Put down the MS documents for a moment. You need to go
to www.exchange.org
and also to www.isaserver.org From What I could find
out, as far as OWA,
not much difference between IIS 6.0 and previous
versions.
Look for a 5 part document by Tom Shinder on OWA
Exchange 2003 and ISA
server 2000. These are really cookbooks with lots of
pictures. Easy to
follow. (three parts are on exchange.org and two parts
at the
isaserver.org site)
This works quite well with Windows Server 2003. Yes, I
know it is really
aimed at the ISA Server people, however, the basics are
there: SSL,
Certificates, 128bit encryption. I found it amazingly
free of typo's. The
only short coming is, it is just a little weak on the
case where an
enterprise certificate is on one machine and the
Exchange server is getting
a subordinate certificate.
Then apply the MS documentation on the IIS virtual site
for passwords. This
must be done exactly. Then do as Dejan suggested in the
message thread
above.
For me, the three biggest hurdles were: 1) the light
dawns on me that I need
a public address on my external NS server different from
the regular web
site as in https://owa.mycompany.com and it will take 72
hours for this to
appear across the internet; 2) my internal dns system
needs to be able to
translate owa.mycompany.com to an internal address,
which I did using the
HOSTS file per Tom Shinder advise which is located in
the small print;
and finally 3) that hidden registry entry that Dejan
pointed out.
And I am doing this for only 3 people in the sales force
when I could be
home with a beer and bad movies on the tube for the
whole Xmas holidays.
LOL and I hope this helps
Phil S.
Post by Jeff
Phil,
I've been dealing with this issue for most of the day
and have gotten
Post by Jeff
nowhere. I have read all the MS KB article and most if
not all deal with
IIS
Post by Jeff
4 and 5, not 6.
You have any pointers on how you resolved this. I keep
getting the "page
Post by Jeff
unavailable" error when I try to change passwords.
Thanks,
-jeff
Post by Phil S.
Thanks a lot for that tip.
I finally got everything working. Moving out of lab
and onto live
system
Post by Jeff
by
Post by Phil S.
New Year.
Thanks again (also to the exchange.org and
isaserver.org people with
Post by Jeff
Post by Phil S.
their cookbooks)
Phil S.
Post by Dejan Foro
New installs of Exchange 2003 will by default, not
allow users to
change
Post by Jeff
Post by Phil S.
Post by Dejan Foro
their passwords in Outlook Web Access.
Location: HKEY_LOCAL_MACHINE \ System \
CurrentControlSet \ Services \
Post by Jeff
Post by Phil S.
Post by Dejan Foro
MSExchangeWEB \ OWA
Parameter: DisablePassword
Type: REG_DWORD
Value: 0x00000001
Set this registry parameter to 0x00000000
--
Dejan Foro
MCP, MCP+I, MCSE NT4.0, MCSE+I, MCSE 2000
Lead Exchange Architect
Infosistem
Microsoft Gold Certified Partner
Ivana Sibla 15
10000 Zagreb, Croatia
GSM: +385 91 6500 246
web: www.inet.hr/~fdejan
Post by n***@e.mail
Those are some good KB pointers, but
unfortunately none of them
Post by Jeff
Post by Phil S.
Post by Dejan Foro
Post by n***@e.mail
address adding change password functionality to
Exchange 2003 OWA
Post by Jeff
Post by Phil S.
Post by Dejan Foro
Post by n***@e.mail
running on IIS 6. Anyone done that?
.
r***@gmail.com
2014-11-15 08:53:24 UTC
Permalink
Raw Message
Hey
Are you suffering from any problems related to bt. Password help offer BT Com support services like password recovery, e mail support, update new number, file attachment, mail account set up and so on for the users of BT Com Mail service etc.
Help Line No. 0800-078-6044. try and get results..............

Loading...