Link to home
Create AccountLog in
Avatar of egxis
egxis

asked on

Allow users to change password using IIS

I have a server which hosts reports using SQL Reporting Services. The users have Windows accounts on the server hosting the reports, and authenticate using these credentials.

I would like to allow users to change their password / to force password changes every 60 days, and ensuring password complexity standards are met.

What would be the best way to achieve this?

Thanks.
Avatar of Ted Bouskill
Ted Bouskill
Flag of Canada image

Can't be done without removing all of the security on the web server.
Avatar of egxis
egxis

ASKER

What do you mean by this?

That it cannot be done unless the Windows security model is replaced with another?
ASKER CERTIFIED SOLUTION
Avatar of Ted Bouskill
Ted Bouskill
Flag of Canada image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of egxis

ASKER

Point taken, thanks for briefly running through the underlying access model.

So by allowing users to change their password, would require elevated privileges for that process, which could put the server/domain at risk. Not a good thing.
Yes, you have it now.  IIS is actually a very secure application if configured correctly and you stick with the default privileges for the process accounts.