Greyware Automation Products, Inc.
Greyware Automation Products, Inc.   
     Home    Products    Store    Downloads    Customer Service    Site Search    
Log in  or   Create an account now -- FREE!        
Domainpassword > Domain Password

Domain Password Logo

Allow users to change their Windows Domain/Active Directory passwords using their web browser!

Simple to install, no scripting or programming required!

No more need to train users how to change passwords on different operating systems!

Users accessing your servers from non-Microsoft operating systems can now change their password!

Keep a log of all successful and failed attempts to change passwords


Domain Password is a 32-bit Windows NT4/2K/XP/2003/Vista/Win7/2008/Win8/2012/Win10 CGI program to let users securely change their Windows Domain/Active Directory passwords using their web browser. Password change pages can be completely customized and made available on your intranet or the Internet.

  • Extremely simple for both the end user and administrator.
  • No HTML to write or maintain (unless you want to)
  • No registry entries to edit
  • Generates a log of all successful and failed attempts
    Here's a sample log file: dompass.log

Simple password changing using a browser is especially useful for organizations with dial-up/VPN remote users, those with workstations running a variety of operating systems, those running Exchange, or anyone else who wants to give their users a extraordinarily easy way change their own passwords without the hassle of logging onto the domain, pressing obscure key combinations, or figuring out how their particular operating system changes passwords.

Domain Password generates its own HTML forms, and integrates directly with the Windows NT4/2K/XP/2003/Vista/Win7/2008/Win8/2012/Win10 security system.

Domain Password also works on SSL-enabled web servers to provide fully encrypted sessions between the server and browser.

Domain Password is primarily designed for use on Windows Domains/Active Directory trees. The program can run either on Workstation or Server versions of Windows NT4/2K/XP/2003/Vista/Win7/2008/Win8/2012/Win10. Users may also change passwords for multiple domains.

You may also install Domain Password on stand-alone machines that are not part of a domain; in this case, you can use Domain Password to change the password only on the machine on which it runs.

    Domain Password is a client-server program. The client portion is a web browser, and the server portion is a web server running Domain Password. No additional software or configuration is needed for the client, which means you may change domain passwords using any web browser on any operating system as long as the browser supports HTML forms.

    The server portion of is a standard CGI program that runs on a web server (IIS, Apache, and others) running on Windows NT4/2K/XP/2003/Vista/Win7/2008/Win8/2012/Win10.

Setup and Installation
    Copy the executable file to your web server's CGI directory (usually cgi-bin or scripts, but may be something else depending on your server and how it's configured).

    Refer to your web server's documentation to ensure that standard CGI is enabled for the server, and that the CGI directory has the proper execute permissions.

    On IIS, make sure that the IUSR_ account has Change rights in the temp directory. On other servers, ensure that the SYSTEM account, or user account under which the server runs, has Change rights in the temp directory.

    Note: Enabling CGI on IIS for Windows Server 2003 and later requires additional configuration. See this article from our Knowledgebase for details.

    If you are having trouble getting CGI programs to run, especially on IIS, then you might want to search our knowledgebase for help. Answers to the most-frequently asked questions are there.

    Copy dompass.ini to the same directory as dompass.exe. Leave dompass.ini unchanged until you are sure Domain Password is working satisfactorily, then edit to suit your tastes. Note, you may need to add domain information per this KB article.

    Add a link to dompass.exe on any page you want. For example, if your CGI directory is CGI-BIN, add this link: <a href="/cgi-bin/dompass.exe?">Change Password</a>

    To use Domain Password on any web server, you must

    • Adjust the Policies/Account settings in User Manager and turn off the "Users must log on in order to change password" checkbox.
    • Adjust the Policies/User Rights settings in User Manager and add "Log on as a batch job" for "everyone" (or those users you want to be able to use Domain Password).
    • Note: All regular Windows account restrictions apply. For example, if you have passwords restricted so they can only be changed every 10 days, then users will not be able to change passwords with DomPass more often then every 10 days. Ditto for allowing blank passwords, remembered passwords, and so forth. DomPass does not circumvent any Windows policies or security constraints.
Version History
  • 1.4.b.20030217 - Change log file to report domain\user instead of just user.
  • 1.4.b.20021108 - Added [Domains] section to dompass.ini file to provide drop-down optional list. Documentation is within the dompass.ini file.
  • 1.3.b.20010803 - Fixed bug that prevented plus sign from being recognized as a valid character within a password; replaced registry-handling library with newer module.
  • 1.2.b.20000214 - Added internal error handling for MSVC runtime deallocation errors. Improved code to retain domain and username information on form in case of error.
  • 1.2.b.19990510 - Alpha version released; minor internal improvements in error handling
  • 1.1.b.981027 - updated internal documentation references
  • 1.1.b.980925 - added REG_SZ ConfigDir value allowing dompass.ini and dompass.log to reside anywhere
  • 1.1.b.970912 - removed invalid passwords from HTML when user makes a mistake
  • 1.1.b.970909 - added option to let user specify domain\username
  • 1.1.b.970715 - added ability to process blank passwords
  • 1.1.b.970302 - upgrade to allow customization via the dompass.ini file.
  • 1.0.b.960513 - initial release. Basic functionality established.
    Here's what the CGI looks like by default:
      Current Password: 
          New Password: 
    New Password Again: 

    Note: Passwords are case-sensitive on this system. Password, PASSWORD, and password are three different passwords.

    Version 1.1 (build 970302 or later) allows you to customize the entire format, as much or as little as you want.

    Domain Password is self-configuring. It will discover the name of your primary domain controller and generate the proper HTML. You may override this by specifying a machine name on the PDC= line in dompass.ini. Specifying a PDC also makes the program more efficient, since the lookup can take a noticeable amount of time on some networks.

    You may customize most aspects of Domain Password by editing the dompass.ini file. All of the text, and most of the HTML, can be changed by editing this file. To make Domain Password operate in Portuguese, for example, just replace the English text messages with the Portuguese equivalents.

    Here is the default dompass.ini file. (It is included in the ZIP archive when you download.) All of the options are well-documented in the INI file itself, so there's not much point in repeating the instructions here.

    By default, Domain Password looks for dompass.ini in the same directory where the you keep dompass.exe. This is also where Domain Password will write its log file, dompass.log. As of version 1.1.b.980925, you may change a registry setting to specify a different directory for dompass.ini and dompass.log. This feature was added to enhance security for servers that allow read access to all files in the CGI-BIN or SCRIPTS directory. If you are upgrading from a previous version, Domain Password will create the registry entry for you the first time you run Domain Password after the upgrade.

    To change the directory where the config files are stored, use REGEDIT or REGEDT32 to modify Domain Password's ConfigDir setting:

                    Domain Password

    Double-click on the ConfigDir entry. This is a REG_SZ (string) value, set to blank by default. Type the drive and path you want to use. For example, C:\dompass.

    Create the directory you specified above, and put the dompass.ini file in that directory. Use File Manager or Explorer to set the file permissions to Change for the users who should be able to access this file. Under IIS, this is usually the group Authenticated Users, and/or the user IUSR_machinename. Under other web servers, you will usually need to specify the account under which the web server runs, usually LocalSystem or System.

    As long as the drive and directory you specify isn't shared, this will allow Domain Password to read the dompass.ini file and write the dompass.log file in this directory, but not allow access in any other way.

My Account  |   Contact Us  |   Privacy Policy  |   Printer-Friendly Version
Copyright © 1995-2024 Greyware Automation Products, Inc.  All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.