Subject: RE: [Fwd: RE: [ActiveDir] Password policy change]

From: ken
Date: 08/27/2005 8:28 AM
The original Password Change functionality used HTRs, and there was a buffer
overflow vulnerability in the ISAPI Extension that handled HTRs (ism.dll).
There's a download on the MS Downloads page that substitutes ASP pages:

http://support.microsoft.com/?id=331834
Change password functionality replaced with Active Server Pages

Cheers
Ken

: -----Original Message-----
: From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
: Sent: Saturday, 27 August 2005 5:08 PM
: To: ActiveDir@xxxxxxxxxxxxxxxxxx
: Subject: FW: [Fwd: RE: [ActiveDir] Password policy change]
:
: From a "shy" lurker MVP....
:
: It appears it is something you can enable. It isn't strictly part of OWA but
: the old IIS Password change tool. I recall there being issues with that tool
: and that is why they stopped enabling it by default but can't recall what
: they were this late at night or this early in the morning whatever it may
: be. ;o)
:
: Thanks for the assist Mom. :)
:
:
:
: -----Original Message-----
: Sent: Saturday, August 27, 2005 2:24 AM
: To: listmail@xxxxxxxxxxx
: Subject: [Fwd: RE: [ActiveDir] Password policy change]
:
: http://www.petri.co.il/enable_password_changing_through_owa_in_exchange_2003.htm
:
:
: -------- Original Message --------
: Subject: RE: [ActiveDir] Password policy change
: Date: Sat, 27 Aug 2005 02:16:14 -0400
: From: joe
: Reply-To: ActiveDir@xxxxxxxxxxxxxxxxxx
: To:
:
:
:
: Yep, OWA is Outlook Web Access. If you haven't seen it, it is gorgeous in
: Exchange 2003. It looks almost exactly like Outlook. Unfortunately, if your
: password is expired (forced or otherwise) you aren't getting into OWA. I
: also don't believe it has a password change function if you just want to go
: and change it, but that could be something that could be enabled.
: Alternatively you set up another web page to do it.
:
: As for the OP's original issue. It all comes down to implementation. You told
: the system to not allow people to change the password if the password age
: was less than one day and then were confused when it did exactly that. The
: reason for it is that there is one attribute for password age, pwdLastSet,
: and it doesn't distinguish between a helpdesk set operation or a normal
: password change, they are both password changes and you only want one day
: between every change. The proper way to handle that case is to force the
: users to change their password on next logon (which sets the pwdLastSet to
: 0), but as you know, that will kill OWA users. So you either need another
: process to follow for OWA only users, install some third party or custom
: in-house tool, or drop the minimum password aging.
:
: joe
:
:
: -----Original Message-----
: From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
: [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of SysPro Support
: Sent: Saturday, August 27, 2005 12:09 AM
: To: ActiveDir@xxxxxxxxxxxxxxxxxx
: Subject: Re: [ActiveDir] Password policy change
:
: You're right Aaron, I didn't know what it meant!
:
: I am not an outlook sort of person (we use Notes...), but the inferred
: statement surprises me. It suggests that if the "must change password" is
: set, you can't logon to Outlook Web Access.
:
: This would suggest that forcing users to change password after (say) 28 days
: is also a no-no.
:
: And, it would also suggest that Outlook Web Access won't let you change your
: password. If it did, it would surely allow you to logon, then require you to
: change the password before you do anything..
:
: This all seems unlikely, given Microsoft's recommended use of forcing
: password changes on a regular basis and forcing users to change a password
: when a new user is created.
:
: If it is all true, maybe you have to provide some way that the users can go
: to a Citrix portal and change their password there, then go back and use
: Outlook Web Access.
:
: Alan Cuthbertson
:
:
: Policy Management Software:-
: http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
: ADM Template Editor:-
: http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
: Policy Log Reporter(Free)
: http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
:
:
:
:
: ----- Original Message -----
: From: "Aaron Visser"
: To:
: Sent: Saturday, August 27, 2005 8:59 AM
: Subject: Re: [ActiveDir] Password policy change
:
:
: Nevermind OWA = Outlook Web Access
:
:
: On 8/26/05 3:39 PM, "Figueroa, Johnny" wrote:
:
: >
: > I mean, if I use the check box to "user must change password at next logon"
: > our users whose only way into the domain is OWA will not prompt them to
: > change their password... Unless I am missing something.
: >
: > Thanks
: >
: > -----Original Message-----
: > From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
: > [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of SysPro Support
: > Sent: Friday, August 26, 2005 3:19 PM
: > To: ActiveDir@xxxxxxxxxxxxxxxxxx
: > Subject: Re: [ActiveDir] Password policy change
: >
: > Johnny,
: >
: > We do exactly what you suggest, change the password and set the "user
: > must change password at next logon" and they are able to change it,
: > even within the "password cannot be changed period".
: >
: > What do you mean by "that would effectively lock out the OWA only users"?
: >
: >
: > Alan Cuthbertson

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
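
The interaction between pwdLastSet and the minimum password age that joe describes in the quoted thread, as an added example (not code from any of the list posts). It models the check on raw attribute values and assumes minPwdAge is read from the domain object as a negative count of 100-nanosecond ticks; the function names, account labels and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks):
    """Convert a pwdLastSet value (100-ns ticks since 1601) to a UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed samples."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def min_age_wait(pwd_last_set, min_pwd_age, now):
    """Return how long a user-initiated change stays blocked (zero = allowed).

    pwd_last_set: raw pwdLastSet; 0 means "must change password at next logon".
    min_pwd_age:  raw minPwdAge, assumed to be a negative tick count.
    """
    if pwd_last_set == 0:
        # Forced change: the minimum age does not get in the way.
        return timedelta(0)
    min_age = timedelta(microseconds=abs(min_pwd_age) // 10)
    earliest = filetime_to_datetime(pwd_last_set) + min_age
    return max(earliest - now, timedelta(0))


# Constructed sample data: a one-day minimum age and three account states.
NOW = datetime(2005, 8, 27, 12, 0, tzinfo=timezone.utc)
ONE_DAY = -864_000_000_000
SAMPLES = {
    # Helpdesk reset stamps pwdLastSet exactly like a normal change would.
    "helpdesk_reset_2h_ago": datetime_to_filetime(NOW - timedelta(hours=2)),
    # Same reset, but with "must change at next logon" ticked.
    "reset_with_must_change": 0,
    "changed_last_week": datetime_to_filetime(NOW - timedelta(days=7)),
}


def report(samples=SAMPLES, now=NOW, min_pwd_age=ONE_DAY):
    """Map each sample account to the remaining wait before it may change."""
    return {name: min_age_wait(v, min_pwd_age, now) for name, v in samples.items()}


if __name__ == "__main__":
    for name, wait in report().items():
        status = f"blocked for {wait}" if wait else "change allowed"
        print(f"{name:24} {status}")
```
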