Hello,

I'm having a problem to change the users password as an Administrator:

In DNN7 > User Accounts > Edit User Accounts , i can't change the password of a user, the section where i should change the password is not visible. 

Suggestions? 

Regards,

Hans Spitters

With recent DNN-versions, DNN has decided to -by default- only allow password resets (with which DNN will generate some random token and email it to the user, allowing them to enter a new password themselves) in favor of letting the admin/host enter the password. That is why the password-boxes are now hidden when editing a user.

Original behaviour can be restored by altering your Web.config-file. Look for the "enablePasswordRetrieval"-attribute and set it to "true". Also, on the same line, alter the "passwordFormat"-attribute to "Clear" or "Encrypted".

Now the password-fields will be visible again when editing a user. Actually trying to change the password, however, results in the error as described by Mladen (for which I also currently don't know the solution)..

Does anyone have more information on Mladen's post?

Thanks for the info Kornelis, that was very helpful.

For anyone else running across this, I found the topic because of trouble after an upgrade on a site from DNN 6.0 up to 7.1. The administrators of the site were expecting to use the user administration just as they had before in older DNN 6 and although I've enjoyed using the new better password security on new DNN 7 installs, I hadn't considered how that might affect an existing site's rules during an upgrade. I had assumed it would leave the existing settings in place.

I checked in on each of the items mentioned in the web.config, they were all correctly or already set to the expected values you mentioned
1. In Host Settings > Advanced Settings Tab > Membership Management section
made sure that the "Enable password history?" box is unchecked (in my case it still was unchecked)

2. in the web.config, checked on the enablePasswordRetrieval and passwordFormat and both were already set to the correct/needed values
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SiteSqlServer"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="0"
requiresUniqueEmail="false"
passwordFormat="Encrypted"
applicationName="DotNetNuke"
description="Stores and retrieves membership data from the local Microsoft SQL Server database" />

The error that I see is that when an admin tries to reset a user's password, it will not complete / save the password change and gives the message that Mladen shared:
There was an error setting the password. The password has not been changed.

If instead I click to "Reset Password" then it seems to successfully save a new password and gives the alert message:
If the username entered was correct, you should receive a new email shortly with a link to reset your password.

when going through that process, it will correctly allow the user to receive the email, use the link in the email to visit the site and then reset / change their password.

So it seems to me in testing that although the system/controls seem to allow us to keep the older less secure password changing method, the enforced action in the DNN 7.1 site really (and I can't complain too much about it since I've been such a huge fan of the new password security in general) enforces the password change request email method.