Webpage Login for Specops Password Reset Enrollment
(Last updated on August 2, 2018)
I get asked every now and again by clients about allowing external users to enroll in the password reset system and whats the best way to enable this. The problem is that by default we use Windows Authentication which is the currently logged on users credentials. But if the user is logged into their home PC then their logged on credentials obviously won’t work and they get a nasty prompt asking for their domain credentials. So the easiest/slickest way to configure this is by doing the following
This example is based on an IIS 7.5 server running on Windows 2008 R2
1. Open IIS Manager, drill down to the “Enrollment” folder
2. Right Click on Authentication, and select Open Feature, set “Windows Authentication” to “Disabled”, and “Anonymous Authentication” to “Enabled”
3. Now when your users try to enroll they will get the following screen, without having to type in their windows credentials into the nasty external box 🙂
This is obviously going to affect all users who access the page so I would normally advise a second installation of the web server component, usually in your DMZ, to facilitate this option for external enrolment so as to not annoy your internal users to much.