Fishery

Users who logon to a windows domain can change their password for their domain accounts when they are not signed in? Here is a simple way.
There are many cases, though far from ideal usage, where a legitimate user is not logged on to a Windows domain on your network, and still may need to change his password. When he is logged on to the domain, he can simply press Ctrl+Alt+Delete, select ‘Change Password’ button and do it. But if he is logged on to his local system or another domain, changing the password becomes difficult. One way around is to call up the administrator and get him to change it. But this means that the new password is not a secret one. The best way is to use IIS. Note that to continue with the steps described below, you need to be on a Windows Server 2003 driven domain with IIS 6.0 installed.

Step 1: Enable scripts.
In some cases, the scripts to use the functionality (changing passwords) may have been installed to the server’s hard disk, but not linked to IIS. To check whether the scripts have been installed, open the IIS management console, the Website folder and then the Default Website node there. If a virtual directory site by name ‘IIS Admin password’ exists, skip to step 3 below. Right click and create a new Virtual Directory. Provide the path as ‘%systemroot%\system32\Inetsrv\Iisadmpwd’ with ‘Read’ and ‘Run scripts’ permissions. Now, we need to allow this script to change passwords. Open a command prompt window and change directory to your INETPUB folder and the following command.
You can alternatively set it to ‘0’ (instead of the ‘1’ at the end of the command above) to allow the operation only if it comes in on HTTP(we are enabling it for regular HTTP).

Step 2: Configure access
Now, we need to limit access to this path to only legitimate users of the domain. This is simple. Go again to the IIS management console; navigate to the virtual directory site you added in step 1 and select Properties from its context menu. Go to the Directory Security tab and click on the Edit button under ‘Authentication’ and check the option for ‘Integrated Windows Authentication’. Now, when a user hits the URL to change his password, he will see a login box to authenticate himself before proceeding.

Step 3: Change password

To change password, user should visit <http://mydomainserver/iisadmpwd/aexp2b.asp>.  Now , the user can be logged on locally to his computer and still change his password. Also, if he is mobile and this URL is accessible from the Net, then also he can change his password.