WSS 2.0 : "Getting unauthorized access" error when ‘User must change password at next logon’ is enabled

  • Article

Problem Background : When you enable "user must change password at next logon", then the corresponding user will face the unauthentication issues.

To resolves this, you may enable IISADMPWD for WSS

How to enable the IISADMPWD for WSS?

  • To register iispwchg.dll, follow these steps:
    • Click START, and then click RUN
    • In the open box type the following and then press ENTER:
             Regsvr32 “%systemroot%\system32\inetsrv\iisadmpwd\iispwchg.dll
  • To create the IISADMPWD virtual directory, follow these steps:
    • In the Internet Services Manager Microsoft management Console (MMC), expand Web Sites, right-click the <SharePoint Site>, select New, and then select Virtual Directory.
    • When the Virtual Directory Creation Wizard starts, follow the instructions to create the virtual directory with the alias IISADMPWD. Point the path to the local %systemroot%\System32\Inetsrv\Iisadmpwd directory. For the Access Permissions allow both Read and Run Script privilages.
  • To execlude IISADMPWD from WSS Managed path, follow these steps:
    • Click start, point to All Programs, point to Administrative Tools, and then click SharePoint Central Administration
    • On the Central Adminitstration Page, under Virtual Server Configuration, click Configure virtual server settings
    • On the virtual server List Page, select the virtual server you want to configure
    • On the virtual server settings page, under Virtual server Management, click Define Managed paths.
    • Under Add a New Path, type iisadmpwd, and in Type select “Excluded Path” and then click OK
  • To set the PasswordChangeFlags value in the IIS metabase, do the following:
    • From a command prompt browse to the C:\Inetpub\Adminscripts directory.
    • Type adsutil.vbs, and then press the ENTER key. If this is the first time that Adsutil.vbs has been run, you may get error messages stating that Cscript is not registered. Follow the prompts and choose Yes to register Cscript.
    • Type adsutil.vbs set w3svc/<THE ID FOR SHAREPOINT SITE>/PasswordChangeFlags 1
      Note : The id for the SharePoint site can be identified from the IIS manager. In IIS manager select websites and you can identify the identifier for individual site from the right pane.

Now you will be able to get the IIS password management page when the “User must change password at next logon” selected.

[Keep Using SharePoint]