Raoul,
Thanks for the reply. Well, here are some more details......
We have about 4000 workstations on several different domains that all have 1
local workstation administrator account that has the same account name and
same password. We have it setup that way specifically so that IT support
personal can perform maintenance on the machine locally without having to
authenticate to the domain and be logged on with a domain account. Yes, I
agree that putting the information into a file is bad business but it may be
difficult for us to get the encrypted password into the registry without
something being able to push the encrypted key to the registry somehow. Our
thought was to put the encrypted text file and the program to set reset the
password on the domain controllers in and run the application as a machine
script each time the machine is restarted. By putting the code up on the
DC's where write acccess is VERY limited we get around the issue of someone
that is unauthorized from deleting the file. Since we were going to run
the script as a group policy machine script all we need is the actual
command line command or better yet, a native VB6 function that would
arbitrarily set the password to the new password without knowing the
existing password to perform the password reset. This program would contain
a de-encrypt function with the same hash that was used to create the key.
This program would read the encrypted password, deencrypt the password and
then set the password of the local administror's account to the new
password.
So.....Do you know the command to execute the password change either through
a command line program or though a VB6 subroutine or function.
"Raoul Watson" <Wa*****@Intell igenCIA.comwrot e in message
news:%wEvh.4849 $yB5.1299@trndn y03...
>
"W C Hull" <su************ *************** ***********@hot maill.comwrote
in message news:bNcvh.546$ Xf4.270@trndny0 9...
>We have a request from Auditing to modify the password an a local
workstation administrative account every 90 days. We are developing two
programs - a VB6 GUI program that will allow the administrative support
person to enter a new password into an App and have that encrypted
password saved in a text file. The second part is a VB6 program that
only is a command line program that will open the password text file,
read the encrypted password, de-encript it using the same logic that
created it, and then resets a specific local administrors account to the
new password.
We already have the program that will encrypt a clear text password and
save that encrypted password to a file. We also have enough of the
command line program written that will read the password file, de-encrypt
the password stored in the file and then (for now only) will display the
de-encrpted password on the screen.
What I need to know is the remaining portion of code that will allow me
to actually reset a specific local administrator's account to the new
password. Note the code will be run using the machine's system account.
Does anyone have the code they can share with me that will perform the
password change? If so, please post the code in the reply.
Thanks,
I would recommend strongly against using a file. What happens if a user
deletes the file?
Does the password revert back to the default? Any outcome would be a
security hole.
Use the registry and simply encrypt and decrypt appropriately. You can
even include
a time hash in which case a password of let's say "DOG" would be encoded
differently from
one PC to another.
