Change Expired Password in OWA
With Exchange 2007 SP3, the new functionality of being able to change an expired password was introduced. This is the same functionality that enforced "User must change their password at next logon".
With this functionality enabled, a network administrator can reset a user's password, then have the user login and immediately select their own secure password. Ideal for remote users who only access email by OWA.
However it is not enabled by default and requires a registry change. This change must be made on all Client Access Servers.
Copy this text in to a notepad file, then save it with the .reg extension. On the server itself, right click on it and choose Merge.
For the change to take full effect, you will need to run iisreset on the server. This will kick out existing OWA users.