From: substitute1stInitial2ndInitialLastName51@hotmaill.com
Raoul,
Thanks for the reply. Well, here are some more details......
We have about 4000 workstations on several different domains that all have 1
local workstation administrator account that has the same account name and
same password. We have it setup that way specifically so that IT support
personal can perform maintenance on the machine locally without having to
authenticate to the domain and be logged on with a domain account. Yes, I
agree that putting the information into a file is bad business but it may be
difficult for us to get the encrypted password into the registry without
something being able to push the encrypted key to the registry somehow. Our
thought was to put the encrypted text file and the program to set reset the
password on the domain controllers in and run the application as a machine
script each time the machine is restarted. By putting the code up on the
DC's where write acccess is VERY limited we get around the issue of someone
that is unauthorized from deleting the file. Since we were going to run
the script as a group policy machine script all we need is the actual
command line command or better yet, a native VB6 function that would
arbitrarily set the password to the new password without knowing the
existing password to perform the password reset. This program would contain
a de-encrypt function with the same hash that was used to create the key.
This program would read the encrypted password, deencrypt the password and
then set the password of the local administror's account to the new
password.
So.....Do you know the command to execute the password change either through
a command line program or though a VB6 subroutine or function.
"Raoul Watson" wrote in message
news:%wEvh.4849$yB5.1299@trndny03...
>
> "W C Hull" wrote
> in message news:bNcvh.546$Xf4.270@trndny09...
>> We have a request from Auditing to modify the password an a local
>> workstation administrative account every 90 days. We are developing two
>> programs - a VB6 GUI program that will allow the administrative support
>> person to enter a new password into an App and have that encrypted
>> password saved in a text file. The second part is a VB6 program that
>> only is a command line program that will open the password text file,
>> read the encrypted password, de-encript it using the same logic that
>> created it, and then resets a specific local administrors account to the
>> new password.
>>
>> We already have the program that will encrypt a clear text password and
>> save that encrypted password to a file. We also have enough of the
>> command line program written that will read the password file, de-encrypt
>> the password stored in the file and then (for now only) will display the
>> de-encrpted password on the screen.
>>
>> What I need to know is the remaining portion of code that will allow me
>> to actually reset a specific local administrator's account to the new
>> password. Note the code will be run using the machine's system account.
>>
>> Does anyone have the code they can share with me that will perform the
>> password change? If so, please post the code in the reply.
>>
>> Thanks,
>>
> I would recommend strongly against using a file. What happens if a user
> deletes the file?
> Does the password revert back to the default? Any outcome would be a
> security hole.
>
> Use the registry and simply encrypt and decrypt appropriately. You can
> even include
> a time hash in which case a password of let's say "DOG" would be encoded
> differently from
> one PC to another.
>
>
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
