Password changes are an important first line of defense in protecting your network. Making this task easier for your users, will hopefully improve the chances that they actually do change it. Windows 2003 allows you to change passwords via a webpage on your intranet. To start we need to open up the IIS Manager MMC.

Drill down to the Default Website and right-click it. Select New --> Virtual Directory. The New Virtual Directory Wizard will start, click Next and enter the name IISADMPWD for the virtual directory and click Next..

Browse to C:\Windows\System32\inetsrv\iisadmpwd directory and click Next.

Allow Read and Run scripts and click Next to finish the wizard.

Ensure you have ASP enabled on the server and then open IE and go to http://servername/IISADMPWD/ae2xpb.asp

From here your users will be able to change their passwords. One note, I did add a notice to my internal password page that notifies the user that there will be a slight delay before the password change takes place. This ensures that the change gets applied on the PDC, in my setup I figured 5 minutes was enough. One final, and probably the most important thing, is to enable SSL on the default website and force this page to use SSL. Non-SSL connections will send the credentials out over the network in clear text, not good. Once you have SSL configured, run the following command from Inetpub\Adminscript to :

cscript.exe adsutil.vbs set w3svc/1/PasswordChangeFlags 0

Users will now have to visit via https://servername/IISADMPWD/ae2xpb.asp to perform the change.