Adding a Password Reset link to Outlook Web Access

These instructions allow you to add a "Reset Password" link to Outlook Web Access for Exchange 2007.

Older versions of Exchange and OWA work somewhat similarly, but are not documented in detail here.

Before you begin

Basic knowledge of ASP and HTML is very helpful when modifying Outlook Web Access. Do not proceed with this procedure unless you feel comfortable that you can restore OWA to its original state if needed.

There are two common configurations of the form based authentication in OWA. If your organization is using an ISA firewall, you most likely have to follow the instructions on how to edit the ISA authentication forms further down in this document. If not, you should be fine just editing the default OWA logon form as explained below.

Modifying the default Outlook Web Access Logon form

Start by opening up the Internet Information Services (IIS) Manager console on your Exchange Server. A default Exchange installation adds the Outlook Web Access web site to the Default Web Site on the Exchange Server. Expand the Default Web Site node and locate the OWA application beneath it. The properties on the OWA node will reveal the local path to the OWA directory on your server, which by default is "C:\Program Files\Microsoft\Exchange Server\ClientAccess\owa".

This directory contains a folder called "auth", which is where the logon form is located. Start by making a backup copy of "logon.aspx" and then open it up for editing in your favourite editor.

Find the following HTML section:

<table <%=tblStyle%>>
       <col class="nowrap">
       <col class="w100">
       <col>
       <tr>
        <td nowrap><label for="username"><%=UserNameLabel%></label></td>
        <td class="txtpad"><input id="username" name="username" type="text" class="txt"></td>
       </tr>
       <tr>
        <td nowrap><label for="password"><%=LocalizedStrings.GetHtmlEncoded(Strings.IDs.PasswordColon) %></label></td>
        <td class="txtpad"><input id="password" name="password" type="password" class="txt" onfocus="g_fFcs=0"></td>
       </tr>
       <tr>
        <td colspan=2 align="right" class="txtpad">
         <% if (!IsDownLevelClient) { %>
         <input type="submit" class="btn" value="<%=LocalizedStrings.GetHtmlEncoded(Strings.IDs.LogOn) %>" onclick="clkLgn()"
          onmouseover="this.className='btnOnMseOvr'" onmouseout="this.className='btn'" onmousedown="this.className='btnOnMseDwn'">
         </input>
         <% } %>
         <% else { %>
         <input type="submit" class="btn" value="<%=LocalizedStrings.GetHtmlEncoded(Strings.IDs.LogOn) %>" onclick="clkLgn()">
         <% } %>
         <input name="isUtf8" type="hidden" value="1">
        </td>
       </tr>
</table>

Replace the above section with the code below. Don't forget to replace [URL_TO_YOUR_SERVER] with your public Password Reset URL.

<table <%=tblStyle%>>
       <col class="nowrap">
       <col class="w100">
       <col>
       <tr>
        <td nowrap><label for="username"><%=UserNameLabel%></label></td>
        <td class="txtpad"><input id="username" name="username" type="text" class="txt"></td>
       </tr>
       <tr>
        <td nowrap><label for="password"><%=LocalizedStrings.GetHtmlEncoded(Strings.IDs.PasswordColon) %></label></td>
        <td class="txtpad"><input id="password" name="password" type="password" class="txt" onfocus="g_fFcs=0"></td>
       </tr>
       <!--SPR-->
       <tr>
       <td><a href=<%="[URL_TO_YOUR_SERVER]"%> target="_blank">Reset Password...</a></td>
       </tr>
       <!--END SPR-->
       <tr>
        <td colspan=2 align="right" class="txtpad">
         <% if (!IsDownLevelClient) { %>
         <input type="submit" class="btn" value="<%=LocalizedStrings.GetHtmlEncoded(Strings.IDs.LogOn) %>" onclick="clkLgn()"
          onmouseover="this.className='btnOnMseOvr'" onmouseout="this.className='btn'" onmousedown="this.className='btnOnMseDwn'">
         </input>
         <% } %>
         <% else { %>
         <input type="submit" class="btn" value="<%=LocalizedStrings.GetHtmlEncoded(Strings.IDs.LogOn) %>" onclick="clkLgn()">
         <% } %>
         <input name="isUtf8" type="hidden" value="1">
        </td>
       </tr>
</table>

Save the file and open the login page in a browser to verify that the link works properly.

Modifying the ISA authentication forms

If your organization is using an ISA server you might be using the ISA HTML Form Authentication rather than the built in logon form of OWA. Modifying the ISA authentication form works a little bit different, but offers much better support for language localizations.

Start by locating the installation directory of your ISA server. By default, this is "C:\Program Files\Microsoft ISA Server\". Browse down from this directory to the "CookieAuthTemplates\Exchange\HTML\" directory. This is where you will find the Exchange authentication forms.

Make a backup copy of "Strings.txt" and open it up in your favourite text editor. Strings.txt contains all the strings used on the logon form. If you want to add a translated link, you should browse one directory further down to the "nls" directory and open the "Strings.txt" located in the country folder for the country code which you wish to translate.

Add the following at the bottom of the list of strings, but above the internal strings. Don't forget to replace [FQDN] with the FQDN of your public Specops Password Reset web server.

L_SPRLinkURL="https://[FQDN]/SpecopsPassword/Reset/Reset.aspx"
L_SPRLinkText="Reset Password..."

;
;
;
Microsoft ISA Server 2006 internal strings.
; 
; DON'T CHANGE BELOW THIS POINT
;

Save the file when you're done. The L_SPRLinkURL variable now holds the URL to the Specops Password Reset Web site, and L_SPRLinkText contains the actual link text. Now we only need to use these two variables on the authentication form.

The normal authentication form (for user name and password) is called "usr_pwd.htm" and is found in the "CookieAuthTemplates\Exchange\HTML\" directory. Make a backup copy of this file and open it up for editing.

Find the section called "" and replace it with the following:

<!-- Table 6-->
<table cellspacing="0" cellpadding="0">
  <colgroup>
  <col class="nowrap">
  <col class="w100">
  <col>
  <tbody>
    <tr>
    <td class="nowrap"><label for="username">@@L_UserName_Text</label></td>
    <td class="txtpad">
      <input class="txt" id="username" name="username" type="text" />
    </td>
    </tr>
    <tr>
      <td class="nowrap"><label for="password">@@L_Password_Text</label></td>
      <td class="txtpad">
        <input class="txt" id="password" onfocus="g_fFcs=0" type="password" name="password" />
      </td>
    </tr>
    <tr>
    <!--<td class="nowrap">&nbsp;</td>-->
    <!--Specops Password Reset-->
      <td align="left" class="txtpad">
        <a href="@@L_SPRLinkURL" target="_blank">@@L_SPRLinkText</a>
      </td>
      <!--<td> element below needs colspan="2" and no align property if above section removed!-->
      <td class="txtpad" align="right">
        <input class="btn" onmousedown="this.className='btnOnMseDwn'" id="SubmitCreds" onmouseover="this.className='btnOnMseOvr'" onclick="clkLgn()" onmouseout="this.className='btn'" type="submit" value="@@L_LoginButton_Text" name="SubmitCreds" />
      </td>
    </tr>
  </tbody>
</table>
<!-- End Table 6-->

Save the file and restart your ISA Services to load the new form. You should now be able to see the Reset Password link on your authentication form.

Adding a Password Reset link to Outlook Web Access

Before you begin

Modifying the default Outlook Web Access Logon form

Modifying the ISA authentication forms

Documentation

Related

Products

Resources

News

Welcome Vodafone. Our latest Password Reset customer!

Press release: Täby Kommun Automates Client Environment with Specops Deploy

Specops Deploy with Windows 7 deployment reviewed

HIPAA Password Security in Active Directory

Events

iT Showcase Live in London

Webinar: Password Security In Active Directory

Seminar: IT Security in Windows Environments

TechEd New Orleans