Solved

netusersetinfo as a standard user?

Posted on 2007-03-21
5
644 Views
Last Modified: 2008-05-31
We have a web application running in IIS/Coldfusion.

One of the requirements of the app is that users can change their domain passwords from within the web app.  This is necessary as not all users of the app will be domain users (ie do not log onto machines on the domain, they authenticate agaisnt the domain solely for acces to the app).

We are using HP ProtectTools authentication services for domain authentication, meaning that all password functions must use their PwdGenUtil.dll.

Our web developer has written the code to change passwords using the dll and thisworks perfectly when logged in as a user with domain administration privileges, however it fails with an 'access denied' erro when run as a standard user (we have put the same code into a vbscript and tested at the command prompt and get the same results there).

Having spoken to HP, their code uses 'netusersetinfo' to change the password.  Reading up on this function, it would seem that this it requires admin rights on the domain to work.

Is there anything we can do to get this working as a standard user (short of granting all users the right to change passwords, which is not really an option!).

Thanks
Richard
0
Comment
Question by:richardchesterton
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 18773697
Is the PwdGenUtil.dll instantiated as a COM+ component in your password changing app?

Dave Dietz
0
 

Author Comment

by:richardchesterton
ID: 18791773
Hi Dave

Thanks for your response.

I forwarded your question t our web developer and his response was:

"yes, I believe so. I think that anytime any code has to interact with any system components, the only way to do this is through creating a COM object and passing the data around through that."

Hardly conclusive, but unfortunately that's the best I can get at this stage.  If you have any way of clarifying this, please let me know (I am no expert in coding or web creation).

Thanks
Richard
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 18798044
It may be possible to set the DLL up in a COM+ package set to activate as a Server package.

This way you can set the identity of the package to that of an administrator and *just* the DLL will run with elevated privileges.

May want to bring this idea up with your developer....  :-)

Dave Dietz
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question