Hello's
We are in the process of evaluating whether to enable password change via
IIS on our Intranet site which is accessible to the outside world after
presenting valid Domain credentials.
What security concerns should i be aware of by turning on the Enable
password change property in the IIS metabase?
Many thanks for your help.
Hi,
Make sure that change is done over secure channel (SSL). Also note that if
user's password expired, he/she will not be able to access the iisadmpwd
tool if you require username/password to access iisadmpwd tool.
--
Mike
Microsoft MVP - Windows Security
"Bluehades"
news:0DDF35E4-CCE9-455D-930E-D60F964DA6AA@microsoft.com...
> Hello's
> We are in the process of evaluating whether to enable password change via
> IIS on our Intranet site which is accessible to the outside world after
> presenting valid Domain credentials.
> What security concerns should i be aware of by turning on the Enable
> password change property in the IIS metabase?
>
> Many thanks for your help.