Yes, although this behavior is not enabled by default.
In order to do so you must first configure your server to use SSL.
Then, you need to create a new Virtual Directory called Iisadmpwd under the Default Web Site.
1. Open Internet Information Services Manager from the Administrative Tools.
2. In IIS Manager expand SERVERNAME (Where SERVERNAME is your server name object), expand Web Sites, and then expand Default Web Site.
3. Right-click Default Web site and choose New, then select Virtual Directory.
4. In the Welcome screen click Next.
5. In the Virtual Directory Alias window type Iisadmpwd. Click Next.
6. In the Website Content Directory screen navigate to %Systemroot%\System32\Inetsrv\Iisadmpwd. Click Next.
7. In the Virtual Directory Access Permissions grant Read, Run Scripts and Execute permissions. Click Next.
8. Click Finish.
9. See that the new Virtual Directory is listed in the folder list on the right-pane of the IIS Admin console.
Next, you need to enable the Change Password button in the Registry of the server.
Note: This article was written at a time when there was no other method of performing the above. Nowadays we can use a nice graphic tool called OWAADMIN to perform the same trick (and many others). However even with OWAADMIN you will still need to perform parts of the steps outlined on this current page. The only step you can skip is the following step:
1. Open Regedit.
2. Navigate to
3. Create a new REG-DWORD value with the name of "DisablePassword" (without the quotes) and give it the value of 0 (zero).
4. Restart the IIS Services (you can do it from the IIS Admin tool).
Now check to see if the Change Password option is available in OWA:
1. Open OWA in a web browser (remember, you're using SSL now, so it has to start with HTTPS://).
2. Logon with your username and password.
3. Click on the Options button.
4. In the Options window scroll all the way down. Notice the Change Password button.
5. Notice the Change Password window opening. Try to use it.
Just a tip, we have a front end server and 7 back end servers. For this to work correctly in this configuration, your procedure should be followed on the front end server only. Then, the backend servers only require the DisablePassword registry change to be done.
I thought that would be a useful addition to the article.
Indeed. Thanks Brett!
Another reader note: Reader Rob Fisher says:
In the link above, I found a step you missed.
You also have to go into the iisadmpwd virtual folder properties, select configure in the application settings area of the virtual directory tab, and remove the davex.dll. You may get a 501 error if you don't do this. Thanks for the help!
Yet another reader note: Reader Eric Bridie says:
First I want to thank you for the brilliant articles. I just have an extra comment regarding password changes in OWA.
My environment is a Windows 2003 SBS SP2 R2 Enterprise. To get the OWA password change working I needed to change a firewall rule. The change is: Add the Iisadmpwd directory to the SBS OWA Publishing Rule. Hope other people can use this info.