Windows Tips & Tricks UPDATE--April 26, 2004
Windows Tips & Tricks UPDATE, April 26, 2004, brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
http://www.windows2000faq.com
FAQs
Q. Does Windows Server 2003 provide a way to let users change their passwords remotely on the Web?
Q. How can I create a Web page where users can change their passwords?
Q. How can I control access to the IISADMPWD virtual directory?
Q. How can I enable the RAS Dial-in tab on Windows XP computers that run Administration Tools?
Q. How can I create a default DNS entry?
Commentary
by John Savill, FAQ Editor
This week, I tell you how to enable the Internet Information Services (IIS) 6.0 Web administration tools so you can provide a Web page where users can change their passwords, and I provide an Active Server Pages (ASP) script that you can use to create your own Web page for the same purpose. I also explain how to control access to the IISADMPWD virtual directory, how to enable the RAS Dial-in tab on Windows XP computers that run Administration Tools, and how to create a default DNS entry.
FAQs
Q. Does Windows Server 2003 provide a way to let users change their passwords remotely on the Web?
A. The version of Internet Information Services (IIS) 6.0 that ships with Windows 2003 includes some Web-administration tools that are disabled by default. To enable the tools, perform the following steps:
1. Start the Microsoft Management Console (MMC) IIS Management snap-in by clicking Start, Programs, Administrative Tools, Internet Information Server (IIS) Management.
2. Navigate to Web Sites, Default Web Site.
3. Right-click Default Web Site. Select New, then select Virtual Directory. You'll see the Virtual Directory Creation Wizard Welcome screen.
4. Click Next.
5. Enter an alias of IISADMPWD and click Next.
6. For the actual publish folder value, enter C:\windows\system32\inetsrv\iisadmpwd (where C:\windows is the directory in which Windows is installed). Click Next.
7. For virtual directory permissions, select the Read and Run scripts check box, if it isn't already selected. Click Next.
8. Click Finish.
You can access the new interface at http://<servername>/iisadmpwd/aexp2.asp to change a local account password or at http://<servername>/iisadmpwd/aexp2b.asp to change a domain password, where <servername> is the name of your IIS server. Figure 1 shows a sample Web interface for changing a domain password.
Q. How can I create a Web page where users can change their passwords?
A. You can write an Active Server Pages (ASP) script that creates a password-change Web page. ASP gives you complete access to Microsoft Active Directory Service Interfaces (ADSI), which lets you perform a variety of functions, such as changing passwords or creating accounts. When you write such a script, you must consider factors such as the user account under which the script will run and the permissions you want to use when the script runs. The basic ADSI command to change a user's password is
set usr = GetObject("LDAP://CN=JohnSavill,CN=Users,DC=savilltech,DC=com")
usr.put "userPassword", NewPassword
usr.SetInfo ' commit the change from the local property cache to the directory
The first line assigns a handle to user John Savill in domain savilltech.com. The next line puts the text NewPassword into the userPassword attribute. The final SetInfo call writes the change to the directory; without it, the new value stays in the local property cache.
I've written a short ASP script that prompts the user to enter a username and password (remember to change the domain from savilltech.com to your domain). The script is listed below.
<%
' Read the submitted form fields.
strUserCN = request.form("cn")
strNewPassword = request.form("newpass")
strPassVerify = request.form("passverify")

if strUserCN = "" then
  ' Nothing submitted yet: display the password-reset form.
  response.write "<html><head><title>Change Password</title></head><body>"
  response.write "<center><h1>Web Password Reset</h1></center>"
  response.write "<hr><br><br><form method=post action=changepass.asp><table>"
  response.write "<tr><td>CN: </td><td><input type=text name=cn></td></tr>"
  response.write "<tr><td>New Password: </td><td><input type=password name=newpass></td></tr>"
  response.write "<tr><td>Verify Password: </td><td><input type=password name=passverify></td></tr>"
  response.write "<tr><td colspan=2 align=center><input type=submit value='Reset Password'></td></tr>"
  response.write "</table></form></body></html>"
  response.end
else
  if strNewPassword = strPassVerify then
    ' Bind to the user object and write the new password.
    set usr = GetObject("LDAP://CN=" & strUserCN & ",CN=Users,DC=savilltech,DC=com")
    usr.put "userPassword", strNewPassword
    usr.SetInfo ' commit the cached change to the directory
    response.write "<html><head><title>Results</title></head><body><center><h1>Update Results</h1></center><hr><br><br>"
    ' HTML-encode the submitted CN before echoing it back to the browser.
    response.write Server.HTMLEncode(strUserCN) & ": password was successfully updated"
    response.write "</body></html>"
    response.end
  else
    ' The two password fields differ: report the error.
    response.write "<html><head><title>Error!</title></head><body>"
    response.write "<center><h1>An Error Has Occurred!</h1></center>"
    response.write "<hr><br><br>"
    response.write "The password and confirmation do not match. Please go back and try again."
    response.write "</body></html>"
    response.end
  end if
end if
%>
Windows Server 2003 provides its own Web pages for password changes, which I discuss in the FAQ "Does Windows Server 2003 provide a way to let users change their passwords remotely on the Web?". However, you might find the sample ASP script useful for creating password-change interfaces on your own Web pages or sites.
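The script above accepts any CN and overwrites that account's password without checking who is asking. The following is an added example, not part of the original newsletter, of a results handler that requires the user's current password, refuses non-SSL requests, escapes the CN before building the ADsPath, and HTML-encodes what it echoes. The oldpass form field, the EscapeDnValue helper, and the use of the ADSI ChangePassword method in place of the script's Put call are assumptions of this example.

```vbscript
<%
Option Explicit
' Added example: hardened results handler for changepass.asp.
' Assumptions: an extra "oldpass" form field; users live in CN=Users,DC=savilltech,DC=com.

' Escape characters that are special in a DN or an ADsPath, so the submitted
' CN can only ever name an object inside CN=Users.
Function EscapeDnValue(ByVal s)
  Dim i, ch, out
  out = ""
  For i = 1 To Len(s)
    ch = Mid(s, i, 1)
    If InStr(",+""\<>;=/#", ch) > 0 Then out = out & "\"
    out = out & ch
  Next
  EscapeDnValue = out
End Function

Dim strUserCN, strOldPassword, strNewPassword, strPassVerify, usr, msg
strUserCN      = Trim(Request.Form("cn"))
strOldPassword = Request.Form("oldpass")
strNewPassword = Request.Form("newpass")
strPassVerify  = Request.Form("passverify")

If Request.ServerVariables("HTTPS") <> "on" Then
  msg = "This page must be requested over SSL."
ElseIf strUserCN = "" Or strOldPassword = "" Or strNewPassword = "" Then
  msg = "CN, current password and new password are all required."
ElseIf strNewPassword <> strPassVerify Then
  msg = "The password and confirmation do not match. Please go back and try again."
Else
  On Error Resume Next
  Set usr = GetObject("LDAP://CN=" & EscapeDnValue(strUserCN) & ",CN=Users,DC=savilltech,DC=com")
  ' ChangePassword succeeds only when the current password is correct,
  ' so a visitor cannot reset another user's password.
  If Err.Number = 0 Then usr.ChangePassword strOldPassword, strNewPassword
  If Err.Number = 0 Then
    msg = Server.HTMLEncode(strUserCN) & ": password was successfully updated"
  Else
    ' One message for "no such user" and "wrong password"; no error detail is shown.
    msg = "The password could not be changed."
  End If
  On Error GoTo 0
End If

Response.Write "<html><head><title>Change Password</title></head><body>"
Response.Write "<center><h1>Update Results</h1></center><hr><br><br>" & msg
Response.Write "</body></html>"
%>
```

The input form needs a matching password field named oldpass for this handler to receive the current password.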
Q. How can I control access to the IISADMPWD virtual directory?
A. When you use the default IISADMPWD virtual directory to enable a Web page where users can change passwords, as I discussed in the FAQ "Does Windows Server 2003 provide a way to let users change their passwords remotely on the Web?", the Microsoft IIS server sends the user's password information unencrypted over the network, which creates a security risk. To avoid transmitting unencrypted passwords, you must enable Secure Sockets Layer (SSL) by following these steps:
1. Start a command prompt by clicking Start, Run and typing
   cmd.exe
2. Navigate to the C:\Inetpub\Adminscripts directory.
3. At the command prompt, type
   adsutil.vbs set w3svc/1/PasswordChangeFlags 0
   This command runs the adsutil.vbs script, which sets the password change option (specified by the PasswordChangeFlags value). The w3svc/1 parameter means the first default Web site; 0 means SSL is required. Setting the PasswordChangeFlags value to 1 specifies that SSL isn't used. (Setting the value to 2 disables the user's ability to change the password.)
4. Restart the IIS server to effect the change.
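To confirm the setting afterward on every Web site rather than only w3svc/1, the following added example (not part of the original newsletter) reads PasswordChangeFlags through the IIS ADSI provider and reports any site that accepts password changes without SSL. It assumes it is run locally on the IIS server with cscript by an administrator; the file name auditpwdflags.vbs is hypothetical.

```vbscript
' Added example: report PasswordChangeFlags for every Web site on this server.
' Run with: cscript //nologo auditpwdflags.vbs   (file name is an assumption)
Option Explicit

' Translate the values described in the FAQ above into text.
Function DescribeFlag(ByVal v)
  Select Case v
    Case 0: DescribeFlag = "SSL required"
    Case 1: DescribeFlag = "SSL NOT required (passwords can cross the network unencrypted)"
    Case 2: DescribeFlag = "password change disabled"
    Case Else: DescribeFlag = "value not readable or not covered here, review manually"
  End Select
End Function

Dim svc, site, flag, insecure
insecure = 0
Set svc = GetObject("IIS://localhost/W3SVC")

For Each site In svc
  ' W3SVC also holds non-site children (filters, info); audit Web sites only.
  If site.Class = "IIsWebServer" Then
    On Error Resume Next
    flag = site.Get("PasswordChangeFlags")
    If Err.Number <> 0 Then flag = -1   ' property could not be read
    On Error GoTo 0

    WScript.Echo "w3svc/" & site.Name & " (" & site.ServerComment & "): " & _
                 flag & " = " & DescribeFlag(flag)
    If flag = 1 Then insecure = insecure + 1
  End If
Next

' A nonzero exit code tells a calling batch file that at least one site allows non-SSL changes.
WScript.Echo insecure & " site(s) allow password changes without SSL."
WScript.Quit insecure
```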
Q. How can I enable the RAS Dial-in tab on Windows XP computers that run Administration Tools?
A. To enable the RAS Dial-in tab in the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in on an XP machine that runs the Administration Tools distribution package (Adminpak.msi), perform the following steps:
1. Create a registry file called dialin.reg. To do this, open a new file in a text editor such as Notepad, copy and paste the following text in the file, and name it dialin.reg:

   Windows Registry Editor Version 5.00

   [HKEY_CLASSES_ROOT\RasDialin.UserAdminExt]
   @=""

   [HKEY_CLASSES_ROOT\RasDialin.UserAdminExt\CLSID]
   @="{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}"

   [HKEY_CLASSES_ROOT\RasDialin.UserAdminExt.1]
   @=""

   [HKEY_CLASSES_ROOT\RasDialin.UserAdminExt.1\CLSID]
   @="{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}"

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{19195a5b-6da0-11d0-afd3-00c04fd930c9}\Extensions\NameSpace]
   "{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}"="RAS Dialin - User Node Extension"

2. Merge dialin.reg with your XP registry, or run the following command from the command prompt:
   regedit /s dialin.reg
3. Open a command prompt in XP and type the following commands, where ServerName is a Windows Server 2003 domain controller (DC) that has Adminpak.msi installed:
   cd /d %SystemRoot%\System32
   copy \\ServerName\Admin$\System32\mprsnap.dll *.*
   copy \\ServerName\Admin$\System32\rasuser.dll *.*
   copy \\ServerName\Admin$\System32\rtrfiltr.dll *.*
   regsvr32 rasuser.dll
4. Click OK to acknowledge the registration of the rasuser library. Your remote XP system should now have the RAS Dial-in tab.
Thanks to reader Bob Kroeger for providing this tip in response to the FAQ, "I use the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in from a remote computer. I've noticed that certain Property tabs are missing. Can I restore the tabs?", at http://www.winnetmag.com, InstantDoc ID 42256.
Q. How can I create a default DNS entry?
A. If you want DNS to return a particular IP address when no host record exists for a queried address, create a host record with a name of "*" (an asterisk) and assign to the host record the IP address you want DNS to return as the default. One common use for a default DNS entry is when you have many different Web servers and you want a Web server to display a default page when a user incorrectly enters a server name.