HP ThinPro - Using RD Web Access for User-Initiated Password Resets
Introduction
In most configurations using RDP, Citrix, or VMware Horizon View, once a user’s password has expired, it is difficult for
that user to self-initiate an update of the expired password. This paper discusses the solutions available within the scope
of the RDP protocol family for changing an expired password. It might also be of interest to customers who use a
non-RDP protocol for the primary connection but would consider leveraging RDP techniques to solve this
problem.
This paper assumes that Windows Server 2012 R2 infrastructure is in use, but the same technique can be applied to
Windows Server 2012 and Windows Server 2008 R2. The server should have RD Web Access installed and, if using Windows
Server 2008 R2, should be patched (see http://support.microsoft.com/kb/2648402).
Web-based password reset
One solution that is viable for a broad set of deployments is to leverage the web-based password reset that is included as
part of RD Web Access. RD Web Access is used primarily for publishing a list of RDP connections for end users. However, the
password changing functionality can be leveraged independently. When using RD Web Access alongside RD Gateway, the
thin client must be able to directly connect to the RD Web Access server on the HTTPS port without using the RD Gateway. In
other words, the RD Web Access server cannot be “behind” the RD Gateway.
1. On the Windows server with RD Web Access, open the IIS Manager and navigate to Sites > Default Web Site > RDWeb
> Pages.
2. Open Application Settings.
3. The property PasswordChangeEnabled is in the Application Settings table. Set this property to true.
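The same change can be scripted for servers where clicking through IIS Manager is impractical. The following PowerShell is an added example, not part of the original paper; it assumes the WebAdministration module is available, the session is elevated, and the site and application names match those in step 1.

```powershell
# Added example: scripted equivalent of steps 1-3 above.
# Assumption: site and application names are the defaults shown in step 1.
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

$siteName = 'Default Web Site'
$psPath   = "IIS:\Sites\$siteName\RDWeb\Pages"
$filter   = "/appSettings/add[@key='PasswordChangeEnabled']"

function Get-PasswordChangeSetting {
    # Returns the current value of the PasswordChangeEnabled application
    # setting, or $null when the key is not present.
    $attr = Get-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name 'value'
    if ($null -eq $attr) { return $null }
    if ($attr -is [string]) { return $attr }
    return $attr.Value
}

# The thin client connects to RD Web Access directly on the HTTPS port,
# so refuse to enable the password page on a site without an HTTPS binding.
$httpsBinding = Get-WebBinding -Name $siteName -Protocol 'https'
if (-not $httpsBinding) {
    throw "No HTTPS binding found on '$siteName'; PasswordChangeEnabled left unchanged."
}

# Stop if the key is missing instead of silently creating a new setting.
$before = Get-PasswordChangeSetting
if ($null -eq $before) {
    throw "PasswordChangeEnabled was not found under $psPath."
}
Write-Output "PasswordChangeEnabled before: '$before'"

# Only write when a change is needed, so repeated runs are harmless.
if ($before -ne 'true') {
    Set-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name 'value' -Value 'true'
}

# Read the value back to confirm the setting took effect.
$after = Get-PasswordChangeSetting
if ($after -ne 'true') {
    throw "PasswordChangeEnabled is '$after' after update; expected 'true'."
}
Write-Output "PasswordChangeEnabled after:  '$after'"
```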