|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Question: Security concerns enabling iisadmpwd for PWD change?Hello's
We are in the process of evaluating whether to enable password change via IIS on our Intranet site which is accessible to the outside world after presenting valid Domain credentials. What security concerns should i be aware of by turning on the Enable password change property in the IIS metabase? Many thanks for your help. Hi,
Make sure that change is done over secure channel (SSL). Also note that if user's password expired, he/she will not be able to access the iisadmpwd tool if you require username/password to access iisadmpwd tool. -- Show quoteHide quoteMike Microsoft MVP - Windows Security "Bluehades" <Blueha***@discussions.microsoft.com> wrote in message news:0DDF35E4-CCE9-455D-930E-D60F964DA6AA@microsoft.com... > Hello's > We are in the process of evaluating whether to enable password change via > IIS on our Intranet site which is accessible to the outside world after > presenting valid Domain credentials. > What security concerns should i be aware of by turning on the Enable > password change property in the IIS metabase? > > Many thanks for your help. 
Other interesting topics
IUSR problem
Kerberos from XP to IIS hosting ASP.NET 2.0 Web Service help Multiple Virtual Sites on One Server Running on Port 443 Can't import certificate to IIS One-way trust, Kerberos & IIS Self signed standalone CA gives: "Windows does not have enough information to verify this certificat SSL redirects to other SSL XMLHTTP no longer works after updates Any third-party tool to deny IP on IIS 5? IIS using old SSL Certificate |
|||||||||||||||||||||||
