>One could create a custom ISAPI filter that handles Authentication in this manner you want, but I don't
>think it'd be worth the effort...
This is what we are planning for now. It seems to be the only solution if we want to keep this basic authentification and benefit of NTFS.
I would say that someone who'll build that ISAPI tool to detect a password expired and prompt the user to update it, might be in good position to market this utility. Hey, might it be another challenge for you. :)