We have a request from Auditing to modify the p***word an a local
workstation administrative account every 90 days. We are developing two
programs - a VB6 GUI program that will allow the administrative support
person to enter a new p***word into an App and have that encrypted p***word
saved in a text file. The second part is a VB6 program that only is a
command line program that will open the p***word text file, read the
encrypted p***word, de-encript it using the same logic that created it, and
then resets a specific local administrors account to the new p***word.

We already have the program that will encrypt a clear text p***word and save
that encrypted p***word to a file. We also have enough of the command line
program written that will read the p***word file, de-encrypt the p***word
stored in the file and then (for now only) will display the de-encrpted
p***word on the screen.

What I need to know is the remaining portion of code that will allow me to
actually reset a specific local administrator's account to the new p***word.
Note the code will be run using the machine's system account.

Does anyone have the code they can share with me that will perform the
p***word change? If so, please post the code in the reply.

Thanks,

"W C Hull" <substitute1stInitial2ndInitialLastName51@hotmaill .com> wrote in
message news:bNcvh.546$Xf4.270@trndny09...
> We have a request from Auditing to modify the p***word an a local
> workstation administrative account every 90 days. We are developing two
> programs - a VB6 GUI program that will allow the administrative support
> person to enter a new p***word into an App and have that encrypted
> p***word saved in a text file. The second part is a VB6 program that only
> is a command line program that will open the p***word text file, read the
> encrypted p***word, de-encript it using the same logic that created it,
> and then resets a specific local administrors account to the new p***word.
>
> We already have the program that will encrypt a clear text p***word and
> save that encrypted p***word to a file. We also have enough of the
> command line program written that will read the p***word file, de-encrypt
> the p***word stored in the file and then (for now only) will display the
> de-encrpted p***word on the screen.
>
> What I need to know is the remaining portion of code that will allow me to
> actually reset a specific local administrator's account to the new
> p***word. Note the code will be run using the machine's system account.
>
> Does anyone have the code they can share with me that will perform the
> p***word change? If so, please post the code in the reply.
>
> Thanks,
>
I would recommend strongly against using a file. What happens if a user
deletes the file?
Does the p***word revert back to the default? Any outcome would be a
security hole.

Use the registry and simply encrypt and decrypt appropriately. You can even
include
a time hash in which case a p***word of let's say "DOG" would be encoded
differently from
one PC to another.

Raoul,

Thanks for the reply. Well, here are some more details......

We have about 4000 workstations on several different domains that all have 1
local workstation administrator account that has the same account name and
same p***word. We have it setup that way specifically so that IT support
personal can perform maintenance on the machine locally without having to
authenticate to the domain and be logged on with a domain account. Yes, I
agree that putting the information into a file is bad business but it may be
difficult for us to get the encrypted p***word into the registry without
something being able to push the encrypted key to the registry somehow. Our
thought was to put the encrypted text file and the program to set reset the
p***word on the domain controllers in and run the application as a machine
script each time the machine is restarted. By putting the code up on the
DC's where write acccess is VERY limited we get around the issue of someone
that is unauthorized from deleting the file. Since we were going to run
the script as a group policy machine script all we need is the actual
command line command or better yet, a native VB6 function that would
arbitrarily set the p***word to the new p***word without knowing the
existing p***word to perform the p***word reset. This program would contain
a de-encrypt function with the same hash that was used to create the key.
This program would read the encrypted p***word, deencrypt the p***word and
then set the p***word of the local administror's account to the new
p***word.

So.....Do you know the command to execute the p***word change either through
a command line program or though a VB6 subroutine or function.



"Raoul Watson" <EMAIL REMOVED> wrote in message
news:%wEvh.4849$yB5.1299@trndny03...
>
> "W C Hull" <substitute1stInitial2ndInitialLastName51@hotmaill .com> wrote
> in message news:bNcvh.546$Xf4.270@trndny09...
>> We have a request from Auditing to modify the p***word an a local
>> workstation administrative account every 90 days. We are developing two
>> programs - a VB6 GUI program that will allow the administrative support
>> person to enter a new p***word into an App and have that encrypted
>> p***word saved in a text file. The second part is a VB6 program that
>> only is a command line program that will open the p***word text file,
>> read the encrypted p***word, de-encript it using the same logic that
>> created it, and then resets a specific local administrors account to the
>> new p***word.
>>
>> We already have the program that will encrypt a clear text p***word and
>> save that encrypted p***word to a file. We also have enough of the
>> command line program written that will read the p***word file, de-encrypt
>> the p***word stored in the file and then (for now only) will display the
>> de-encrpted p***word on the screen.
>>
>> What I need to know is the remaining portion of code that will allow me
>> to actually reset a specific local administrator's account to the new
>> p***word. Note the code will be run using the machine's system account.
>>
>> Does anyone have the code they can share with me that will perform the
>> p***word change? If so, please post the code in the reply.
>>
>> Thanks,
>>
> I would recommend strongly against using a file. What happens if a user
> deletes the file?
> Does the p***word revert back to the default? Any outcome would be a
> security hole.
>
> Use the registry and simply encrypt and decrypt appropriately. You can
> even include
> a time hash in which case a p***word of let's say "DOG" would be encoded
> differently from
> one PC to another.
>
>

"W C Hull" <substitute1stInitial2ndInitialLastName51@hotmaill .com> wrote in
message news:%ySvh.6075$yB5.4652@trndny03...
> <SNIP> So.....Do you know the command to execute the p***word change
> either through a command line program or though a VB6 subroutine or
> function.
>
<SNIP>

If you have admin or can emulate admin access and know the previous p***word
(or previous is blank) then you probably can use "NetUserChangeP***word"
from Netapi32.dll to do this.

If you want, email me and I'll send you a sample code.