FASTECHS asked:

Need to create a script to automatically change user's password upon logon.

I would like to install a script on our Windows 2003 Active Directory controller that will change a user's password to a new randomly generated password and email them the password once they log in to the server. Is this possible?
ASKER CERTIFIED SOLUTION
peakpeak
This solution is only available to members.
SOLUTION
jkr
This solution is only available to members.
Ok, but you then have no error recovery; if the user is disconnected before (s)he can read her mail it's a dead end. You, as an administrator, get blamed, more work and feel (probably) bad. I'm entertained by your idea though, it's technical and it's fun but not for a production environment.
>>if the user is disconnected before (s)he can read her mail it's a dead end

As an admin, you can always reset the password in such cases.
SOLUTION
This solution is only available to members.
jkr: Like I mentioned, as an admin you're not supposed to NEED to do error recovery, it'll make you look bad
I am not saying that I think this is a good idea, yet it is possible. As a side note, sending that stuff by email to me implies that this network has its own mail server. Sending logon passwords over the internet would be - hm, let's say "less than optimal"...
I agree with you sharizod, sending unencrypted emails even on internal nets, possibly with lots of external consultants, there is a real security misbehaviour. We don't allow consultants on our net however but even a grudged employee with an Ethereal sniffer can make great damage. Even if you disable rights to install programs someone can take a laptop with a switch, hide it in a drawer and share his/her only connection to enable sniffing by ARP spoofing.
Yea.  We once had a supervisor out on the plant floor at one of my former places of employment capturing keystrokes, using packet sniffers, and tampering with the hardware (and putting it back before we would come in during the day).  He was found out only because he was not well-liked and blabbed too much.  The internal threats are the scariest of all!

At my current place, we have security up the wazoo and are SOX compliant.  Consultants that come in are allowed to use the wireless internet only after explicitly requesting it from IT since they must be assigned a temporary password to be able to log in.  Once in, they cannot see any of our network since they are segregated by some software running on a server and a firewall/router - an internal DMZ if you will.
Yep, we call it the Consultant Network, only 25, 110, 80 and the like inbound, unrestricted outbound access is allowed as of today (might change that). No access to our internal network. Our users are well-behaving (or at least we do believe it :). No virus spread or other mishaps since like 1998 where we had the first and second. But you never really know, it's a matter of how important your intellectual property is and of course the budget to support it .. :)

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup Zone:
SPLIT: peakpeak {19568412} & jkr {19568696} & sharizod {19568846}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Chris-Dent
Experts Exchange Cleanup Volunteer