Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

code for changing pwd in NT Accounts??

Status
Not open for further replies.

aspro

Programmer
Jan 22, 2003
69
AU
I want to be able to change a password for any account just by having the user apply for a new one electronically then having a passwrod randomly made (already done) and set as the new passwrd for that user. any ideas?

thanks,
aspro
 
I'd be amazed/scared if ColdFusion could alter the password of an NT account.

Think about it... and I'm pretty sure you'll soon come to the conclusion that you really wouldn't want ColdFusion to be able to change/set a password for you. Hope it helps,
-Carl
 
no really I do. I already have tags to change password but it accepts the old password as well. I just want it to over write the old one.
I have thought this through and so has my team, and we want to do it.

If you have ideas that would help please let me know

aspro
 
aspro

This is one of those situtations where even if someone did know, I don't think they would post it. If they did, I would not hesitate to use the red flag button and have it removed quicker than it was added.

This is not the type of information that you ask for on a public forum, and especially TT.

Hope this helps Wullie


The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
 
What? a red flag? why?

Sorry if i'm very surprised with the response.

aspro, of course you can change the password of the users in the domain, even you can change ANY properties from a web page.

All you need for this is a ActiveX control like "Priore NT User Manager Control 1.0", this control allow set some features on the domain, like create new user, SET PASSWORD (not read it), remove a user, etc, and is FREE.

For use it, all you need to know is work with CFObjects and is all.

I don't remember where i found the activex, but you can search on gooogle or any other.

I use NTSet ActiveX, it cost $62 but you can do more functions like set account status, set permisions on specific resources like printers, shared files/directories, view event log, etc. And came with the web-pages for personalize, but in ASP using VBScript. (
Other solution is .NET, but i don't know much about this, yet! ;)

Wullie/csteinhilber: Why you think that is bad, just think about the aplications that can be developed.

In my company, we develop a web-based admin for the domain, to control it from anyware in the intranet. This tool are necesary because when i create a user from the cfm page, the user is not created only in the domain, also will be created in other 3 systems (finnancial, pay-roll and email). Just remember, doing this is not hacking, 'cause you aren't breaking the system, and you can't view the existent password.
 
Edimator

What? a red flag? why?

Let me see. You want us to post in a public forum telling you sensitive details like this. Go figure..

All you need for this is a ActiveX control like "Priore NT User Manager Control 1.0", this control allow set some features on the domain, like create new user, SET PASSWORD (not read it), remove a user, etc, and is FREE.

I suggest you read up on differences between ActiveX and Coldfusion. ActiveX requires you to accept the component, this is not available in CF as CF is server-side, not client side.

Also, if you have only ethical reasons for this request, please explain why this ActiveX component cannot be used in your case.

Wullie/csteinhilber: Why you think that is bad, just think about the aplications that can be developed.

Are you telling me that you really cannot see our point in this? Think of the applications that could be developed if you could format a users hard drive without their consent, although this would be considered a security risk, not a helpful feature.

How would you feel if you came to my site, I changed your password and then when you decided to reboot, the machine refused to log you in?

Hope this helps Wullie


The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
 
Okay... having ColdFusion set the account of an NT account is bad enough... but now you want me to rely on a third-party control (and a freeware one at that) to do the job for me?!?

Oh that is wrong in sooooooo many ways.

How could you ever be sure that said control doesn't have some backdoor built into it that would allow mischievious folk to set whatever passwords they wanted??

Sorry... IF you insist on giving CF the ability to do system-level operations on your mission-critical servers, you darn better be sure YOU developed the code, or AT LEAST know the source inside and out.

I mean, my god, most security-conscious sites disable CF's own CFFILE/CFDIRECTORY operations... and those are built-in's.

Remember, while what you're suggesting "is not hacking" as you say, such functionality could very possibly be manipulated and used by hackers (afterall, those are the precise vulnerabilities that they prey upon). If you want to open yourself up to that possibility, you're either very naive, or very trusting. Neither of which will get you very far in the security world.

-Carl
 
I don't know what all the fuss is about. It is NOT a security problem to post this type of information. ADSI (Active Directory Services Interface) was written for this type of thing. I've done apps where VBScript was used on an NT Server that manages IIS components (virtual directories, virtual servers, metabase backup) as well as user accounts. I wrote a wrapper quite some time ago so I could get this functionality through ColdFusion. As a matter of fact, the HTML interface of IIS manages lots of internal settings and permissions using this technology. It's all free to learn about here:


You can modify a lot more than user accounts through this. There is this book:


Here are some other links:

(look for cf_adsi tag)


You'll find a ton of info here:

(This guy wrote an nt account manager but I can't find it anymore; I think it was written for an earlier version of ADSI and he hasn't updated it.)

Now, all of this has nothing to do with ActiveX; the whole idea of this thread was for ColdFusion to be able to create accounts on the SERVER, not the client.

-Tek
 
Thank's Teknology, that's what i mean. Particulary i don't use ADSI, 'cause my servers is on NT 4. and Activex Controls are the fast way to do (not the unique).

Anyway, i think that red flag is absurd, in a useful topic like this.

By the way, of course i know that Activex Control must be registered in the server and called from coldfusion pages.
 
I am sorry to have caused such a fuss. this project was purely made for decreasing the work load of the help desk when employees forget their password. Instead of the employee ringing help desk they simply see their employer and he/she can change the password of only their employees. it has audit trails and resticted access to the login accounts security levels.
I am sorry to have caused such a fuss, it was no way intentional. i only wanted to find out if it could be done...which i have done however not with any of the methods mentioned.
I appreciate the help that was given and apologise to those I caused problems for.
aspro
 
aspro,

You didn't cause a problem at all. If you never ask the question you'll never get the answer. I'm not tooting my own horn, but since I've worked in this area before, I wanted to set the record straight regarding managing nt accounts via ADSI.

edimator,

Basically what I was referring to was server-side account management, not client-side. Also, ADSI is available on NT 4.0. The work I did in this area was on an NT 4.0 server. ActiveX had nothing to do with it; everything was based on forms that managed IIS properties. The data would be submitted via an HTML form to the backend, which was a ColdFusion "wrapper" file that executed the VBScript I wrote to manage IIS.

-Tek
 
I think what you're doing is a good idea, esp in an Intranet environment. I use ZAKs tools ( which do passwords and a whole lot more without ActiveX for NT environments and 2000 environments that are still dual moded.

You can build in all the security you need and it can save lots of phone calls to helpdesk.

T
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top