Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Set Password Admin

Posted on 1998-05-05
10
Medium Priority
?
833 Views
Last Modified: 2008-02-01
We are trying to use the Set Password Admin utility.  Unfortunately, this product is free and unsupported from Novell.  If you are familiar with the utility you know that it allows a user to change passwords without having administrative rights.  We find this extremely promising to reduce the call volume to our Network Support team, by allowing the first level help desk personnel to reset users' passwords.

Here's the problem:  On our network we require users to use Unique passwords.  The setpassword utility doesn't work in this situation.  Here's why...  The utility changes the password to a default password hardcoded in the utility.  Then it uses the existing APIs to allow the SetPass Admin to change the password normally through a new tab in NWAdmin.  It is a new tab, but, like I said, it uses the existing APIs to perform the change of password.  The thing is that after one reset on a user's password, the setpass utility won't work anymore - since the hardcoded password exists in the password history for that user.

If anyone has found a work around for this - or even changed the code (C++ - available with the utility in the download) I would really appreciate their input.
0
Comment
Question by:calger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 2

Expert Comment

by:JBirkmann
ID: 1592331
define a Group for the first level help desk personnel and
assign only the object property rights for changing unique passwords. The members of the group now can change the unique password property of all users.
If an user has forgotten his password, the help desk members have to change the unique password property, then they can use the change password admin utility, after that they have to reset the unique password property (to activ)
0
 
LVL 2

Author Comment

by:calger
ID: 1592332
We have thought about that - but we don't want to have to constantly administrate this function.  As new sites are added (at the speed of 4-12 servers per week - whew!) we would have to constantly update these users' rights.  We want a one stop fix for this solution.  I guess the best thing would be if someone has modified the code, or could modify the code.  Or someone who knows of a similar utility.

I appreciate the thought!
0
 
LVL 4

Expert Comment

by:saar2
ID: 1592333
I don't know how to slove your problem but anyway - it is strange.

Novell says that you must have rights to the user ACL to change its password - I can't understand how the program does it. If you realy can change the user password with no rights this mean a big hole in the security (a ragular user can change the admin user?!).

If you do have the rights for the ACL just use the Novell's Setpass:

Setpass <Username>

Where can I download this program?

Saar Carmi.

0
Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

 
LVL 2

Author Comment

by:calger
ID: 1592334
SAAR - The utility should be downloadable from the Developers site.  It was written up in a late issue of AppNotes.

There is an NLM that is loaded on one fileserver - this provides the hook into NDS.  It also requires a schema extension.  NWAdmin interfaces with the NLM and allows a common user with no rights to be able to change passwords.  The NLM changes the user's password to a common, known password and then the NWAdmin piece can change the password using the SETPASS API.  Since NWAdmin is already aware of the common password it performs this action:

SETPASS <Username> <Common Password> <New password as defined by the Setpass Admin> <Verify Password>

SAAR - I know you do programming.... do you know C++ well enough to modify the code if you had it?  And if so, do you have an NLM compiler?

Also, I have spoken with an SE at Novell - The original developer of this utility has left Novell.  A new developer in Europe has recently taken on this code and I have requested a code change from him.  But if someone already has performed this change, why reinvent the wheel?
0
 
LVL 2

Author Comment

by:calger
ID: 1592335
0
 
LVL 2

Author Comment

by:calger
ID: 1592336
I doubled the points since I'm asking for someone to actually do some coding.  If anyone thinks the number of points assigned to this questions is unfair, let me know - I have plenty to share......
0
 
LVL 2

Author Comment

by:calger
ID: 1592337
My contacts with Novell are forwarding me a new revision of the code with the changes supposedly built in.  If anyone would like to see this code after I receive it, let me know via email.
0
 
LVL 2

Author Comment

by:calger
ID: 1592338
The new revision of the code from Novell works.
0
 
LVL 5

Accepted Solution

by:
jstegall earned 800 total points
ID: 1592339
Check Darwin Collins web site:
http://www.fastlane.net/homepages/dcollins/welcome.shtml

N4pass is the utility I use, it can be configured to use random or fixed passwords and you can exclude users or groups from the
list it can change,  like Admin your backdoor user or anyone.
0
 
LVL 2

Author Comment

by:calger
ID: 1592340
Thanks!  I did look into that utility that you mentioned.  It does everything we need it to do, and more.....too much more.... haha

We're going to stick with the corrected utility from Novell - but thanks for the URL - we're keeping it in case we decide to expand the abilities of our Help Desk.

Thanks again!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to connect from SSMS v17.x to a SQL Server Integration Services 2016 instance or previous version, you get the error “Connecting to the Integration Services service on the computer failed with the following error: 'The specified service …
The online market is growing at an unprecedented rate and retail eCommerce sales are expected to reach $4 trillion by 2020. Yet, the profit is not just there for the taking because you have to set yourself apart from the competition.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question