Solved

Set Password Admin

Posted on 1998-05-05
Last Modified: 2008-02-01
We are trying to use the Set Password Admin utility.  Unfortunately, this product is free and unsupported from Novell.  If you are familiar with the utility you know that it allows a user to change passwords without having administrative rights.  We find this extremely promising to reduce the call volume to our Network Support team, by allowing the first level help desk personnel to reset users' passwords.

Here's the problem:  On our network we require users to use Unique passwords.  The setpassword utility doesn't work in this situation.  Here's why...  The utility changes the password to a default password hardcoded in the utility.  Then it uses the existing APIs to allow the SetPass Admin to change the password normally through a new tab in NWAdmin.  It is a new tab, but, like I said, it uses the existing APIs to perform the change of password.  The thing is that after one reset on a user's password, the setpass utility won't work anymore - since the hardcoded password exists in the password history for that user.

If anyone has found a workaround for this - or even changed the code (C++ - available with the utility in the download) I would really appreciate their input.
0
Question by:calger
10 Comments
 
LVL 2

Expert Comment

by:JBirkmann
ID: 1592331
Define a group for the first level help desk personnel and assign only the object property rights for changing unique passwords. The members of the group can now change the unique password property of all users.
If a user has forgotten his password, the help desk members have to change the unique password property, then they can use the change password admin utility; after that they have to reset the unique password property (to active).
0
 
LVL 2

Author Comment

by:calger
ID: 1592332
We have thought about that - but we don't want to have to constantly administrate this function.  As new sites are added (at the speed of 4-12 servers per week - whew!) we would have to constantly update these users' rights.  We want a one stop fix for this solution.  I guess the best thing would be if someone has modified the code, or could modify the code.  Or someone who knows of a similar utility.

I appreciate the thought!
0
 
LVL 4

Expert Comment

by:saar2
ID: 1592333
I don't know how to solve your problem but anyway - it is strange.

Novell says that you must have rights to the user ACL to change its password - I can't understand how the program does it. If you really can change the user password with no rights, this means a big hole in the security (a regular user can change the admin user?!).

If you do have the rights for the ACL just use Novell's Setpass:

Setpass <Username>

Where can I download this program?

Saar Carmi.

0
 
LVL 2

Author Comment

by:calger
ID: 1592334
SAAR - The utility should be downloadable from the Developers site.  It was written up in a late issue of AppNotes.

There is an NLM that is loaded on one fileserver - this provides the hook into NDS.  It also requires a schema extension.  NWAdmin interfaces with the NLM and allows a common user with no rights to be able to change passwords.  The NLM changes the user's password to a common, known password and then the NWAdmin piece can change the password using the SETPASS API.  Since NWAdmin is already aware of the common password it performs this action:

SETPASS <Username> <Common Password> <New password as defined by the Setpass Admin> <Verify Password>

SAAR - I know you do programming.... do you know C++ well enough to modify the code if you had it?  And if so, do you have an NLM compiler?

Also, I have spoken with an SE at Novell - The original developer of this utility has left Novell.  A new developer in Europe has recently taken on this code and I have requested a code change from him.  But if someone already has performed this change, why reinvent the wheel?
0
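The failure described in the question and in the comment above, as an added example that is not part of the original thread and not the Novell utility's code: a toy Python model of a unique-password (history) policy, run through the two-step reset with a fixed intermediate password and then with a fresh random one per reset. The class, function names and sample passwords are constructed for illustration, and the model assumes the privileged set in step 1 is subject to the same history check as a normal change.

```python
import hashlib
import secrets

class Account:
    """Toy account with a unique-password (history) policy. Not NDS code."""

    def __init__(self, password, history_size=8):
        self.history_size = history_size
        self.history = []
        self.current = None
        self._store(password)

    @staticmethod
    def _digest(password):
        # Toy digest, used only to compare entries in this model.
        return hashlib.sha256(password.encode()).hexdigest()

    def _store(self, password):
        self.current = self._digest(password)
        self.history = (self.history + [self.current])[-self.history_size:]

    def set_password(self, new):
        # Assumption: the privileged set is also subject to the history check.
        if self._digest(new) in self.history:
            return "password not unique"
        self._store(new)
        return "ok"

    def change_password(self, old, new):
        if self._digest(old) != self.current:
            return "bad old password"
        return self.set_password(new)

def helpdesk_reset(account, new_password, intermediate):
    """Step 1: set a known intermediate. Step 2: change from it to the new one."""
    step1 = account.set_password(intermediate)
    if step1 != "ok":
        return "step 1 failed: " + step1
    return account.change_password(intermediate, new_password)

def random_intermediate():
    return secrets.token_urlsafe(16)  # fresh value per reset, never reused

def run_resets(make_intermediate, count=3):
    account = Account("initial-user-password")  # constructed sample value
    return [helpdesk_reset(account, f"helpdesk-choice-{i}", make_intermediate())
            for i in range(count)]

FIXED = "CommonPassword1"  # constructed stand-in for the hardcoded value

if __name__ == "__main__":
    print("fixed :", run_resets(lambda: FIXED))
    print("random:", run_resets(random_intermediate))
```

With the fixed value only the first reset succeeds, because the intermediate password is already in the account's history on every later attempt; a per-reset random intermediate never collides with the history.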
 
LVL 2

Author Comment

by:calger
ID: 1592335
0
 
LVL 2

Author Comment

by:calger
ID: 1592336
I doubled the points since I'm asking for someone to actually do some coding.  If anyone thinks the number of points assigned to this question is unfair, let me know - I have plenty to share......
0
 
LVL 2

Author Comment

by:calger
ID: 1592337
My contacts with Novell are forwarding me a new revision of the code with the changes supposedly built in.  If anyone would like to see this code after I receive it, let me know via email.
0
 
LVL 2

Author Comment

by:calger
ID: 1592338
The new revision of the code from Novell works.
0
 
LVL 5

Accepted Solution

by:
jstegall earned 200 total points
ID: 1592339
Check Darwin Collins' web site:
http://www.fastlane.net/homepages/dcollins/welcome.shtml

N4pass is the utility I use. It can be configured to use random or fixed passwords, and you can exclude users or groups from the list it can change, like Admin, your backdoor user, or anyone.
0
 
LVL 2

Author Comment

by:calger
ID: 1592340
Thanks!  I did look into that utility that you mentioned.  It does everything we need it to do, and more.....too much more.... haha

We're going to stick with the corrected utility from Novell - but thanks for the URL - we're keeping it in case we decide to expand the abilities of our Help Desk.

Thanks again!
0
