By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,932 Members | 1,462 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,932 IT Pros & Developers. It's quick & easy.

Change Local administrator PSWD code needed

P: n/a
We have a request from Auditing to modify the password an a local
workstation administrative account every 90 days. We are developing two
programs - a VB6 GUI program that will allow the administrative support
person to enter a new password into an App and have that encrypted password
saved in a text file. The second part is a VB6 program that only is a
command line program that will open the password text file, read the
encrypted password, de-encript it using the same logic that created it, and
then resets a specific local administrors account to the new password.

We already have the program that will encrypt a clear text password and save
that encrypted password to a file. We also have enough of the command line
program written that will read the password file, de-encrypt the password
stored in the file and then (for now only) will display the de-encrpted
password on the screen.

What I need to know is the remaining portion of code that will allow me to
actually reset a specific local administrator's account to the new password.
Note the code will be run using the machine's system account.

Does anyone have the code they can share with me that will perform the
password change? If so, please post the code in the reply.

Thanks,
Jan 29 '07 #1
Share this Question
Share on Google+
3 Replies


P: n/a

"W C Hull" <su**************************************@hotmaill .comwrote in
message news:bNcvh.546$Xf4.270@trndny09...
We have a request from Auditing to modify the password an a local
workstation administrative account every 90 days. We are developing two
programs - a VB6 GUI program that will allow the administrative support
person to enter a new password into an App and have that encrypted
password saved in a text file. The second part is a VB6 program that only
is a command line program that will open the password text file, read the
encrypted password, de-encript it using the same logic that created it,
and then resets a specific local administrors account to the new password.

We already have the program that will encrypt a clear text password and
save that encrypted password to a file. We also have enough of the
command line program written that will read the password file, de-encrypt
the password stored in the file and then (for now only) will display the
de-encrpted password on the screen.

What I need to know is the remaining portion of code that will allow me to
actually reset a specific local administrator's account to the new
password. Note the code will be run using the machine's system account.

Does anyone have the code they can share with me that will perform the
password change? If so, please post the code in the reply.

Thanks,
I would recommend strongly against using a file. What happens if a user
deletes the file?
Does the password revert back to the default? Any outcome would be a
security hole.

Use the registry and simply encrypt and decrypt appropriately. You can even
include
a time hash in which case a password of let's say "DOG" would be encoded
differently from
one PC to another.
Jan 30 '07 #2

P: n/a
Raoul,

Thanks for the reply. Well, here are some more details......

We have about 4000 workstations on several different domains that all have 1
local workstation administrator account that has the same account name and
same password. We have it setup that way specifically so that IT support
personal can perform maintenance on the machine locally without having to
authenticate to the domain and be logged on with a domain account. Yes, I
agree that putting the information into a file is bad business but it may be
difficult for us to get the encrypted password into the registry without
something being able to push the encrypted key to the registry somehow. Our
thought was to put the encrypted text file and the program to set reset the
password on the domain controllers in and run the application as a machine
script each time the machine is restarted. By putting the code up on the
DC's where write acccess is VERY limited we get around the issue of someone
that is unauthorized from deleting the file. Since we were going to run
the script as a group policy machine script all we need is the actual
command line command or better yet, a native VB6 function that would
arbitrarily set the password to the new password without knowing the
existing password to perform the password reset. This program would contain
a de-encrypt function with the same hash that was used to create the key.
This program would read the encrypted password, deencrypt the password and
then set the password of the local administror's account to the new
password.

So.....Do you know the command to execute the password change either through
a command line program or though a VB6 subroutine or function.

"Raoul Watson" <Wa*****@IntelligenCIA.comwrote in message
news:%wEvh.4849$yB5.1299@trndny03...
>
"W C Hull" <su**************************************@hotmaill .comwrote
in message news:bNcvh.546$Xf4.270@trndny09...
>We have a request from Auditing to modify the password an a local
workstation administrative account every 90 days. We are developing two
programs - a VB6 GUI program that will allow the administrative support
person to enter a new password into an App and have that encrypted
password saved in a text file. The second part is a VB6 program that
only is a command line program that will open the password text file,
read the encrypted password, de-encript it using the same logic that
created it, and then resets a specific local administrors account to the
new password.

We already have the program that will encrypt a clear text password and
save that encrypted password to a file. We also have enough of the
command line program written that will read the password file, de-encrypt
the password stored in the file and then (for now only) will display the
de-encrpted password on the screen.

What I need to know is the remaining portion of code that will allow me
to actually reset a specific local administrator's account to the new
password. Note the code will be run using the machine's system account.

Does anyone have the code they can share with me that will perform the
password change? If so, please post the code in the reply.

Thanks,
I would recommend strongly against using a file. What happens if a user
deletes the file?
Does the password revert back to the default? Any outcome would be a
security hole.

Use the registry and simply encrypt and decrypt appropriately. You can
even include
a time hash in which case a password of let's say "DOG" would be encoded
differently from
one PC to another.


Jan 31 '07 #3

P: n/a

"W C Hull" <su**************************************@hotmaill .comwrote in
message news:%ySvh.6075$yB5.4652@trndny03...
<SNIPSo.....Do you know the command to execute the password change
either through a command line program or though a VB6 subroutine or
function.
<SNIP>

If you have admin or can emulate admin access and know the previous password
(or previous is blank) then you probably can use "NetUserChangePassword"
from Netapi32.dll to do this.

If you want, email me and I'll send you a sample code.
Feb 1 '07 #4

This discussion thread is closed

Replies have been disabled for this discussion.