Solved

Set Password Admin

Posted on 1998-05-05
10
797 Views
Last Modified: 2008-02-01
We are trying to use the Set Password Admin utility.  Unfortunately, this product is free and unsupported from Novell.  If you are familiar with the utility you know that it allows a user to change passwords without having administrative rights.  We find this extremely promising to reduce the call volume to our Network Support team, by allowing the first level help desk personnel to reset users' passwords.

Here's the problem:  On our network we require users to use Unique passwords.  The setpassword utility doesn't work in this situation.  Here's why...  The utility changes the password to a default password hardcoded in the utility.  Then it uses the existing APIs to allow the SetPass Admin to change the password normally through a new tab in NWAdmin.  It is a new tab, but, like I said, it uses the existing APIs to perform the change of password.  The thing is that after one reset on a user's password, the setpass utility won't work anymore - since the hardcoded password exists in the password history for that user.

If anyone has found a work around for this - or even changed the code (C++ - available with the utility in the download) I would really appreciate their input.
0
Comment
Question by:calger
10 Comments
 
LVL 2

Expert Comment

by:JBirkmann
ID: 1592331
define a Group for the first level help desk personnel and
assign only the object property rights for changing unique passwords. The members of the group now can change the unique password property of all users.
If an user has forgotten his password, the help desk members have to change the unique password property, then they can use the change password admin utility, after that they have to reset the unique password property (to activ)
0
 
LVL 2

Author Comment

by:calger
ID: 1592332
We have thought about that - but we don't want to have to constantly administrate this function.  As new sites are added (at the speed of 4-12 servers per week - whew!) we would have to constantly update these users' rights.  We want a one stop fix for this solution.  I guess the best thing would be if someone has modified the code, or could modify the code.  Or someone who knows of a similar utility.

I appreciate the thought!
0
 
LVL 4

Expert Comment

by:saar2
ID: 1592333
I don't know how to slove your problem but anyway - it is strange.

Novell says that you must have rights to the user ACL to change its password - I can't understand how the program does it. If you realy can change the user password with no rights this mean a big hole in the security (a ragular user can change the admin user?!).

If you do have the rights for the ACL just use the Novell's Setpass:

Setpass <Username>

Where can I download this program?

Saar Carmi.

0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 
LVL 2

Author Comment

by:calger
ID: 1592334
SAAR - The utility should be downloadable from the Developers site.  It was written up in a late issue of AppNotes.

There is an NLM that is loaded on one fileserver - this provides the hook into NDS.  It also requires a schema extension.  NWAdmin interfaces with the NLM and allows a common user with no rights to be able to change passwords.  The NLM changes the user's password to a common, known password and then the NWAdmin piece can change the password using the SETPASS API.  Since NWAdmin is already aware of the common password it performs this action:

SETPASS <Username> <Common Password> <New password as defined by the Setpass Admin> <Verify Password>

SAAR - I know you do programming.... do you know C++ well enough to modify the code if you had it?  And if so, do you have an NLM compiler?

Also, I have spoken with an SE at Novell - The original developer of this utility has left Novell.  A new developer in Europe has recently taken on this code and I have requested a code change from him.  But if someone already has performed this change, why reinvent the wheel?
0
 
LVL 2

Author Comment

by:calger
ID: 1592335
0
 
LVL 2

Author Comment

by:calger
ID: 1592336
I doubled the points since I'm asking for someone to actually do some coding.  If anyone thinks the number of points assigned to this questions is unfair, let me know - I have plenty to share......
0
 
LVL 2

Author Comment

by:calger
ID: 1592337
My contacts with Novell are forwarding me a new revision of the code with the changes supposedly built in.  If anyone would like to see this code after I receive it, let me know via email.
0
 
LVL 2

Author Comment

by:calger
ID: 1592338
The new revision of the code from Novell works.
0
 
LVL 5

Accepted Solution

by:
jstegall earned 200 total points
ID: 1592339
Check Darwin Collins web site:
http://www.fastlane.net/homepages/dcollins/welcome.shtml

N4pass is the utility I use, it can be configured to use random or fixed passwords and you can exclude users or groups from the
list it can change,  like Admin your backdoor user or anyone.
0
 
LVL 2

Author Comment

by:calger
ID: 1592340
Thanks!  I did look into that utility that you mentioned.  It does everything we need it to do, and more.....too much more.... haha

We're going to stick with the corrected utility from Novell - but thanks for the URL - we're keeping it in case we decide to expand the abilities of our Help Desk.

Thanks again!
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Use Windows Task Scheduler to print a Word document weekly so your printer ink won't dry out.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question