IISADMPWD Virtual Directory

Issue

Internet Information Server (IIS) 4.0 provides the IISADMPWD virtual directory so that users can change their Microsoft® Windows® passwords. This feature was designed primarily for intranet scenarios. If you allow users to change passwords over the Internet, you create a potential security risk. You should not use the IISADMPWD virtual directory on production servers that have Internet access.

Solution

Remove the IISADMPWD virtual directory.

Note

• This directory is not installed as part of Internet Information Services (IIS) 5.0, but it is not removed if you upgrade from IIS 4.0.

Instructions

To remove the IISADMPWD virtual directory in Windows XP Professional

1. Click Start, point to Control Panel, point to Administrative Tools, and then click Internet Information Services.
2. In the Internet Information Services Manager, right-click IISADMPWD, and then click Delete.

To remove the IISADMPWD virtual directory in Windows 2000

1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
2. In the Internet Information Services Manager, right-click IISADMPWD, and then click Delete.

To remove the IISADMPWD virtual directory in Windows NT®

1. Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Service Manager.
2. In the Internet Information Services Manager, right-click IISADMPWD, and then click Delete.

Additional Information

How to Change Windows NT Account Passwords Using Internet Information Server (IIS) 4.0 (184619)

IISADMPWD Virtual Directory Is Not Created During Clean Install of IIS 5.0 (269082)

©2002-2004 Microsoft Corporation. All rights reserved.