On some customer sites we're using Windows Integrated authentication only to provide an initial Challenge Response before pushing the user to then log in to the applications themselves with a login page for each application using a second set of credentials.
Is there a way to allow the user to change their (Windows) password when logging in? When I try setting the password to require a change on next login, the user simply can't log in at all.
These are web users only, so they don't have remote access to log in to the server interactively to update their credentials.
FYI - these sites are running IIS6 on Win 2003 servers.
You're going to need additional software to do this. IIS / Windows doesn't have this functionality built-in. Microsoft has a solution in the Microsoft Identity Integration Services product (see http://technet.microsoft.com/en-us/library/cc720655(WS.10).aspx#bkm3), but I suspect that's heavier-weight than what you're looking for.
Outlook Web Access has this functionality, too, but you'll need an SSL certificate loaded onto the web server in order to use the password change feature.
There are many commercial "self service password reset" systems that would do what you want, as well. I don't have any personal experience with any of them, so I won't try to speak to them.
Update: I know nothing about that feature. But when I see a feature that "have multiple problems", it sounds to me like the IIS team didn't care much about this feature. Those are not the regular bugs that are in every software, but the outcome of indifference. There is a possibility that those problems got solved. But there is a possibility that they just appear to be solved, and just before the testing they got carried away with something that was more important to them. Depending on your situation you can analyse it differently.
Before update: Look here, but don't use.