In this article we'll show how remote users can change their expired passwords on a Remote Desktop Services (RDS) farm running Windows Server 2016 / 2012 R2.
In Windows Server 2012 R2 / 2016 and Windows 10 / 8.1, NLA (Network Level Authentication) is enabled for remote desktop connections by default. NLA doesn't allow users to connect over RDP if their passwords have expired. You can disable NLA, but this is not a good idea from a security standpoint. When you try to connect to the RDSH server (Remote Desktop Session Host) under a user account with an expired password, the following error message appears:
An authentication error has occurred.
The Local Security Authority cannot be contacted
Remote computer: lonSrvRDS1
This could be due to an expired password
Please update your password if it has expired.
Thus, when NLA is used, changing an expired password over RDP can become a practically unsolvable problem for remote users who have no other way to log on to a corporate computer or server. Of course, you can ask your users to change their passwords directly in the RDP session in advance, but this doesn't always work because users commonly forget.
In Windows 2012 / R2 and newer, an option appeared that allows a remote user to change their password (current or expired) using a special web page on the RD Web Access server. The password is changed like this: a user logs in to the sign-in web page on the server with the RD Web Access role and changes his password using a special aspx form.
Note. In the old Windows Server 2003 you can use a small web tool, IISADMPWD, for remote password change in the domain (although it is not officially supported).
The remote password change option is available on the server with the Remote Desktop Web Access (RD Web Access) role, but it is disabled by default. To change a password, the script password.aspx is used, which is located in C:\Windows\Web\RDWeb\Pages\en-US.
If you are using a localized version of Windows Server (without a language pack), the path to the password.aspx file will be different and look like this: C:\Windows\Web\RDWeb\Pages\fr-FR for the French version of Windows Server or C:\Windows\Web\RDWeb\Pages\de-DE for German.
To enable the password change feature, open the IIS Manager console on the server with the configured RD Web Access role, go to [Server Name] -> Sites -> Default Web Site -> RDWeb -> Pages and open the Application Settings section.
In the right pane, find the PasswordChangeEnabled parameter and change its value to true.
Restart IIS from the console or using the
To check that the password change page is available, go to the following web page:
After the user's password has been changed successfully, the following message should appear:
Your password has been successfully changed.
Click OK and the user will be redirected to the RD Web login page. If the user's new password doesn't match the domain's password policy, a warning will appear:
Your new password does not meet the length, complexity, or history requirements of your domain. Try choosing a different new password.
You can use this password change method on the Remote Desktop Web Access server only if Forms Authentication is enabled in IIS on the RDWA server. You won't be able to change the password via the RD Web form if the Windows Authentication method is used.
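The IIS Manager steps and the Forms Authentication requirement above can also be scripted. The following is an added example, not part of the original article: it assumes the RDWeb application settings are stored in %windir%\Web\RDWeb\Pages\web.config with no XML namespace on the configuration element, and the function name and backup folder are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: turn on PasswordChangeEnabled for RD Web Access.
function Enable-RDWebPasswordChange {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumed default location of the RDWeb Pages web.config.
        [string]$WebConfig = "$env:windir\Web\RDWeb\Pages\web.config",
        # Hypothetical backup folder, kept outside the web root on purpose.
        [string]$BackupDir = "$env:ProgramData\RDWebBackup"
    )

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true   # keep the file's layout and comments
    $xml.Load($WebConfig)

    # password.aspx only works with Forms Authentication, so stop early
    # if RDWeb has been switched to Windows Authentication.
    $auth = $xml.SelectSingleNode('/configuration/system.web/authentication')
    if (-not $auth -or $auth.GetAttribute('mode') -ne 'Forms') {
        throw "Forms Authentication is not enabled in $WebConfig."
    }

    $setting = $xml.SelectSingleNode(
        "/configuration/appSettings/add[@key='PasswordChangeEnabled']")
    if (-not $setting) {
        throw "PasswordChangeEnabled was not found in $WebConfig."
    }
    if ($setting.GetAttribute('value') -eq 'true') {
        Write-Verbose 'PasswordChangeEnabled is already true.'
        return $false
    }

    if ($PSCmdlet.ShouldProcess($WebConfig, 'Set PasswordChangeEnabled=true')) {
        # Timestamped copy so the change can be rolled back.
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $name = 'web.config.{0:yyyyMMddHHmmss}.bak' -f (Get-Date)
        Copy-Item -LiteralPath $WebConfig -Destination (Join-Path $BackupDir $name)
        $setting.SetAttribute('value', 'true')
        $xml.Save($WebConfig)
        return $true
    }
    return $false
}

# Restart IIS only when the file was actually changed.
if (Enable-RDWebPasswordChange -Verbose) {
    iisreset.exe
}
```

Run it with -WhatIf first to see whether the setting would be changed without touching the file.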
Now, when trying to connect to the RD Web Access server with an expired password, the user will be redirected to the password.aspx web page and offered to change his password.
Tip. Similar functionality for changing the password in Windows Server 2008 R2 with the RD Web Access role becomes available after you install a special update: KB2648402.
You can add a link to the password change form directly to the sign-in web form on the RDWeb server. This will allow users to change their password at any time without waiting until it expires.
Let's add a link to password.aspx to the RDWeb sign-in page (create a backup copy of the password.aspx file before editing).
- On the RDWeb server, find and open the file C:\Windows\Web\RDWeb\Pages\en-US\login.aspx in any text editor (I prefer Notepad++);
- Go to line 583 and paste the following code there:
Password Reset Utility
- Save the changes in the login.aspx file, restart the IIS web site and make sure that a link to the password change page appears on the sign-in page of the RD Web server.
Now remote users can change an expired password on your RDS farm without administrator intervention.