Re: Adding Users via Web Interface

Your exactly right in the assumption for a secure method.  And my lack
of mentioning an AD infrastructure is because there isn't one.  I
understand the vulnerability involved in allowing LAN users to change
passwords via a web interface, but that is beside my original question. 
Thank you everyone thus far with the help!

Regards,

Adam Kane

mcclenbw@oneonta.edu wrote:
> We aren't talking about anything new here.  The Exchange OWA connects to
> AD and has a password change feaure. Although I'm not quite sure where
> the orginal poster mentioned the existance of an AD infrastructure to
> begin with.  Seems like that was just an assumption.
>
> If anyone objects to the basis of the question, I'd be interested in
> hearing different solutions to meet the  need, but you can't just call
> it's frivolous.  I wish everytime my employer had a need to be met, I
> could just say "Sorry, won't do it.  Sounds frivilous.", and they would
> just go away.  I may get away with saying I wouldn't suugest doing it
> that way, but the next question would, "how could we acheive it?" A lack
> of a solution does not abolish a need.  
>
> Also, it's safe to assume, I believe, that anyone posting to newsgroup
> focused on Microsoft security is looking for a secure method to
> implement.
>
>
>
>
>   
> > -----Original Message-----
> > From: James Harless [mailto:jharless@kidwellcompanies.com] 
> > Sent: Wednesday, April 12, 2006 10:19 AM
> > To: focus-ms@securityfocus.com
> > Subject: Re: Adding Users via Web Interface
> >
> > Seems like an exceptionally bad idea to me.  Connecting a 
> > webserver to AD so frivolously seems like an invitation to evil-doing.
> >
> >
> > --
> > James Harless
> >
> >
> >
> >
> > On 4/11/06 7:24 PM, "Crawley, Jim" <Jim.Crawley@yrbrands.com> wrote:
> >
> >     
> > > I'm actually quite interested in seeing how this progresses as
> > > well.  Right now we have a mixed network and it would be 
> > >       
> > great to have a
> >     
> > > way for the end-user to change their own passwords both on 
> > >       
> > the max and
> >     
> > > on machines still connected to the netware network.
> > >
> > >
> > >  
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Steveb@tshore.com [mailto:Steveb@tshore.com]
> > > Sent: Wednesday, 12 April 2006 6:51 AM
> > > To: kane@linkitsoftware.com; focus-ms@securityfocus.com
> > > Subject: RE: Adding Users via Web Interface
> > >
> > > Adam,
> > >
> > > What's so hard about pressing <ctrl>+<alt>+<del> and 
> > >       
> > clicking the button
> >     
> > > that says "Change Password"?  It seems like opening up a 
> > >       
> > web browser and
> >     
> > > doing it at a web server is not only less secure but also 
> > >       
> > quite a few
> >     
> > > more steps!
> > >
> > > Steve Bostedor
> > > http://www.bozteck.com
> > > Bozteck President
> > >
> > > -----Original Message-----
> > > From: Adam Kane [mailto:kane@linkitsoftware.com]
> > > Sent: Tuesday, April 11, 2006 3:33 PM
> > > To: focus-ms@securityfocus.com
> > > Subject: Adding Users via Web Interface
> > >
> > > Hi all,
> > >
> > > Is there some kind of application I can install on my Windows 2000
> > > Server IIS machine to allow changing of user passwords via web
> > > interface?  This would be used on a LAN for non-savvy users 
> > >       
> > (ie. sales
> >     
> > > associates) to change passwords quickly to users on the win2k server
> > > machine.
> > >
> > > Any advice is appreciated.  Thanks!
> > >
> > >
> > > Regards,
> > >
> > > Adam Kane
> > >
> > >
> > >
> > >       

---------------------------------------------------------------------------
---------------------------------------------------------------------------