You are in a full rds environment or almost and you want your users to change their password even from outside your network.
You have an infrastructure of the type:
- x remote session host server(s)
- 1 broker server
- 1 RDS gateway
- 1 access to RDWEB
Case 1: People outside the company when their password is expired it is impossible to log on.
Case 2: Users working on thin clients can not log in anymore because their password is expired.
Case 3: Users are working on off-domain positions.
Cause: The connections are blocked because of the authentication method, it is the broker server that first established this one and if the password is expired the connection fails.
The solution lies in the RDWEB service where the user will be allowed to change their password.
At least step 1 is sufficient, when a user has his password expired, simply log on to the RDWEB page to be invited to change password.
Step 1: Allow password change
First you have to activate the possibility of changing the password.
You have to change the application options on the IIS server.
Step 2: Allow password change at any time
To allow users to change their password whenever they want, you must add a link to the password change page.
You must modify the login.aspx file that is the RD WEB Access server in the following location: C: \ Windows \ Web \ RDWeb \ Pages \ en-US
Open the login.aspx file with a Notepad ++ type editor as administrator.
Look for the following lines:
<tr id="trPasswordExpiredNoChange" <%=strErrorMessageRowStyle%> >
<td height="20"> </td>
And add after:
<!-- START RDR ADD LINK TO CHANGE PASSWORD -->
<a href="password.aspx" title="Changer votre mot de passe">Cliquer ici</a> pour changer votre de passe.
<!-- END RDR ADD LINK TO CHANGE PASSWORD -->
Now on the login page, there should be a new link
By clicking on the link, users will arrive on the following form:
Now your users can change their password whenever they want and everywhere.
In addition to this article I invite you to read this one that will allow you to alert users of the expiration of their password at logon.