|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Password ScriptHey Folks, I am looking to create a script to change the password to a guest
account on a weekly basis. I have the following script for the change commands, but I wanted to ask if anyone knew how I can use a Date variable as the password. So for the password variable, I'd like to pass the days date. i.e. 20070117 or 01172007. Any ideas? Thanks in advance. -wp I don't see the "following script", but I would recommend against setting
the password to the date, unless you are not concerned with people correctly guessing what it is. /Al Show quoteHide quote "news.microsoft.com" <n**@thistime.com> wrote in message news:ebIl23oOHHA.2232@TK2MSFTNGP02.phx.gbl... > Hey Folks, I am looking to create a script to change the password to a guest > account on a weekly basis. I have the following script for the change > commands, but I wanted to ask if anyone knew how I can use a Date variable > as the password. > > So for the password variable, I'd like to pass the days date. i.e. 20070117 > or 01172007. > > Any ideas? > > Thanks in advance. > > -wp > > Sorry about that! The script is the basic script found on theMS web site; I
havent done much to make it any more functional. Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=management,dc=fabrikam,dc=com") objUser.SetPassword "i5A2sj*!" The username/password is for a very limited use. And then again, I would be interested in a nuymber of variables I can use to make this more secure. Is there anyway to randomize the password and have it output to a web Show quoteHide quote page?Thanks again.-wp"Al Dunbar [MS-MVP]" <alan-no-drub-spam@hotmail.com> wrote in message news:%23TyYXWrOHHA.4172@TK2MSFTNGP03.phx.gbl... >I don't see the "following script", but I would recommend against setting > the password to the date, unless you are not concerned with people > correctly > guessing what it is. > > /Al > > "news.microsoft.com" <n**@thistime.com> wrote in message > news:ebIl23oOHHA.2232@TK2MSFTNGP02.phx.gbl... >> Hey Folks, I am looking to create a script to change the password to a > guest >> account on a weekly basis. I have the following script for the change >> commands, but I wanted to ask if anyone knew how I can use a Date >> variable >> as the password. >> >> So for the password variable, I'd like to pass the days date. i.e. > 20070117 >> or 01172007. >> >> Any ideas? >> >> Thanks in advance. >> >> -wp >> >> > > objUser.SetPassword "i5A2sj*!" sets the password to whatever is in the
string, just replace the "text" with a variable name and set the variable name to your new password using anything you want like this: newGuestPW = "sometext" & Date(now) objUser.SetPassword newGuestPW newGuestPW would equal "sometext" plus the date (you cam play with the date function to get different formats or modify it yourself), so long as you make certain there will only be valid characters in the generated password (and it meets your password requirements) you are set. Think long and hard on your password security policy to ensure it cannot be "guessed". Gernerating your passwords by formula makes it very easy for people to recreate it if they notice a pattern. ("Hmm last week it ended in 14, it ended in 07 the week before...maybe it ends in 21 now?") Adding randomized values and outputting the final result to a secure text file (admin only permission, etc) might be possible. Also, you will want a record of the generated passwords in case a system gets out of sync for whatever reason. Good luck. Show quoteHide quote "news.microsoft.com" <n**@thistime.com> wrote in message news:OzvQ6IxOHHA.3268@TK2MSFTNGP03.phx.gbl... > Sorry about that! The script is the basic script found on theMS web site; > I havent done much to make it any more functional. > > Set objUser = GetObject _ > ("LDAP://cn=MyerKen,ou=management,dc=fabrikam,dc=com") > > objUser.SetPassword "i5A2sj*!" > The username/password is for a very limited use. And then again, I would > be interested in a nuymber of variables I can use to make this more > secure. Is there anyway to randomize the password and have it output to a > web page?Thanks again.-wp"Al Dunbar [MS-MVP]" > <alan-no-drub-spam@hotmail.com> wrote in message > news:%23TyYXWrOHHA.4172@TK2MSFTNGP03.phx.gbl... >>I don't see the "following script", but I would recommend against setting >> the password to the date, unless you are not concerned with people >> correctly >> guessing what it is. >> >> /Al >> >> "news.microsoft.com" <n**@thistime.com> wrote in message >> news:ebIl23oOHHA.2232@TK2MSFTNGP02.phx.gbl... >>> Hey Folks, I am looking to create a script to change the password to a >> guest >>> account on a weekly basis. I have the following script for the change >>> commands, but I wanted to ask if anyone knew how I can use a Date >>> variable >>> as the password. >>> >>> So for the password variable, I'd like to pass the days date. i.e. >> 20070117 >>> or 01172007. >>> >>> Any ideas? >>> >>> Thanks in advance. >>> >>> -wp >>> >>> >> >> > > Well said. We use a script for setting (and re-setting) user passwords,
instead of the built-in function in ADU&C. Since the administrator will never have to actually use the password, and the user will use it only once, the double-entry checking serves no purpose. Neither does forcing a human operator to think up a reasonably secure password each time a password needs changing. If we set ten passwords before the first person comes in to get logged on, how are we going to remember them without either writing them down, or using the same one every time? So if joe hacker has his password set on two occasions, and he notices a pattern when it is set both times to WORDpass, how long would it take him to hack someone's account using that information and a list of all account names? Our script calculates a random password based on a pattern ("Cvccvc" would generate alpha-only passwords like Binkel, Cowboy, Zibqun, etc., "###-####" would generate passwords that looked like north american phone numbers. It then displays the password in a memo we can print and file securely until the user comes in to get it. /Al Show quoteHide quote "Steven" <sdi***@247networks.ca> wrote in message news:12r00vfrh77o394@corp.supernews.com... > objUser.SetPassword "i5A2sj*!" sets the password to whatever is in the > string, just replace the "text" with a variable name and set the variable > name to your new password using anything you want like this: > > newGuestPW = "sometext" & Date(now) > objUser.SetPassword newGuestPW > > newGuestPW would equal "sometext" plus the date (you cam play with the date > function to get different formats or modify it yourself), so long as you > make certain there will only be valid characters in the generated password > (and it meets your password requirements) you are set. > > Think long and hard on your password security policy to ensure it cannot be > "guessed". > Gernerating your passwords by formula makes it very easy for people to > recreate it if they notice a pattern. ("Hmm last week it ended in 14, it > ended in 07 the week before...maybe it ends in 21 now?") > > Adding randomized values and outputting the final result to a secure text > file (admin only permission, etc) might be possible. Also, you will want a > record of the generated passwords in case a system gets out of sync for > whatever reason. > > Good luck. > > "news.microsoft.com" <n**@thistime.com> wrote in message > news:OzvQ6IxOHHA.3268@TK2MSFTNGP03.phx.gbl... > > Sorry about that! The script is the basic script found on theMS web site; > > I havent done much to make it any more functional. > > > > Set objUser = GetObject _ > > ("LDAP://cn=MyerKen,ou=management,dc=fabrikam,dc=com") > > > > objUser.SetPassword "i5A2sj*!" > > The username/password is for a very limited use. And then again, I would > > be interested in a nuymber of variables I can use to make this more > > secure. Is there anyway to randomize the password and have it output to a > > web page?Thanks again.-wp"Al Dunbar [MS-MVP]" > > <alan-no-drub-spam@hotmail.com> wrote in message > > news:%23TyYXWrOHHA.4172@TK2MSFTNGP03.phx.gbl... > >>I don't see the "following script", but I would recommend against setting > >> the password to the date, unless you are not concerned with people > >> correctly > >> guessing what it is. > >> > >> /Al > >> > >> "news.microsoft.com" <n**@thistime.com> wrote in message > >> news:ebIl23oOHHA.2232@TK2MSFTNGP02.phx.gbl... > >>> Hey Folks, I am looking to create a script to change the password to a > >> guest > >>> account on a weekly basis. I have the following script for the change > >>> commands, but I wanted to ask if anyone knew how I can use a Date > >>> variable > >>> as the password. > >>> > >>> So for the password variable, I'd like to pass the days date. i.e. > >> 20070117 > >>> or 01172007. > >>> > >>> Any ideas? > >>> > >>> Thanks in advance. > >>> > >>> -wp > >>> > >>> > >> > >> > > > > > > Al, well, now that you mention it, I have two needs:
1) Enforce password policy by forcing a change tothe password twice per year on specific dates. Currently AD does not enforce by date. It allows me to set an expiration date but its a best effort sort of thing to hope it lands on the specific dates of my preference. 2) Systematically change the password of just one of my guest account on a weekly basis. My first thought is to use the date as our service desk will be able to provide a guest the password without needing to dig it up since the logic is self explanatory. In the meantime, I will be writing a more elaborate web service to randomize the password and then publish it to a web page on our Intranet Portal for our Service Desk to find and provide to the user. More advanced functions can include a password reset function to quickly change the poassword. However, currently this is not required. Any ideas? PS - I am relatively new to scripting. thanks, wp Show quoteHide quote "Al Dunbar [MS-MVP]" <alan-no-drub-spam@hotmail.com> wrote in message news:uM9e6KGPHHA.4484@TK2MSFTNGP02.phx.gbl... > Well said. We use a script for setting (and re-setting) user passwords, > instead of the built-in function in ADU&C. Since the administrator will > never have to actually use the password, and the user will use it only > once, > the double-entry checking serves no purpose. Neither does forcing a human > operator to think up a reasonably secure password each time a password > needs > changing. If we set ten passwords before the first person comes in to get > logged on, how are we going to remember them without either writing them > down, or using the same one every time? > > So if joe hacker has his password set on two occasions, and he notices a > pattern when it is set both times to WORDpass, how long would it take him > to > hack someone's account using that information and a list of all account > names? > > Our script calculates a random password based on a pattern ("Cvccvc" would > generate alpha-only passwords like Binkel, Cowboy, Zibqun, etc., > "###-####" > would generate passwords that looked like north american phone numbers. It > then displays the password in a memo we can print and file securely until > the user comes in to get it. > > /Al > > "Steven" <sdi***@247networks.ca> wrote in message > news:12r00vfrh77o394@corp.supernews.com... >> objUser.SetPassword "i5A2sj*!" sets the password to whatever is in the >> string, just replace the "text" with a variable name and set the variable >> name to your new password using anything you want like this: >> >> newGuestPW = "sometext" & Date(now) >> objUser.SetPassword newGuestPW >> >> newGuestPW would equal "sometext" plus the date (you cam play with the > date >> function to get different formats or modify it yourself), so long as you >> make certain there will only be valid characters in the generated >> password >> (and it meets your password requirements) you are set. >> >> Think long and hard on your password security policy to ensure it cannot > be >> "guessed". >> Gernerating your passwords by formula makes it very easy for people to >> recreate it if they notice a pattern. ("Hmm last week it ended in 14, it >> ended in 07 the week before...maybe it ends in 21 now?") >> >> Adding randomized values and outputting the final result to a secure text >> file (admin only permission, etc) might be possible. Also, you will want > a >> record of the generated passwords in case a system gets out of sync for >> whatever reason. >> >> Good luck. >> >> "news.microsoft.com" <n**@thistime.com> wrote in message >> news:OzvQ6IxOHHA.3268@TK2MSFTNGP03.phx.gbl... >> > Sorry about that! The script is the basic script found on theMS web > site; >> > I havent done much to make it any more functional. >> > >> > Set objUser = GetObject _ >> > ("LDAP://cn=MyerKen,ou=management,dc=fabrikam,dc=com") >> > >> > objUser.SetPassword "i5A2sj*!" >> > The username/password is for a very limited use. And then again, I >> > would >> > be interested in a nuymber of variables I can use to make this more >> > secure. Is there anyway to randomize the password and have it output to > a >> > web page?Thanks again.-wp"Al Dunbar [MS-MVP]" >> > <alan-no-drub-spam@hotmail.com> wrote in message >> > news:%23TyYXWrOHHA.4172@TK2MSFTNGP03.phx.gbl... >> >>I don't see the "following script", but I would recommend against > setting >> >> the password to the date, unless you are not concerned with people >> >> correctly >> >> guessing what it is. >> >> >> >> /Al >> >> >> >> "news.microsoft.com" <n**@thistime.com> wrote in message >> >> news:ebIl23oOHHA.2232@TK2MSFTNGP02.phx.gbl... >> >>> Hey Folks, I am looking to create a script to change the password to >> >>> a >> >> guest >> >>> account on a weekly basis. I have the following script for the change >> >>> commands, but I wanted to ask if anyone knew how I can use a Date >> >>> variable >> >>> as the password. >> >>> >> >>> So for the password variable, I'd like to pass the days date. i.e. >> >> 20070117 >> >>> or 01172007. >> >>> >> >>> Any ideas? >> >>> >> >>> Thanks in advance. >> >>> >> >>> -wp >> >>> >> >>> >> >> >> >> >> > >> > >> >> > > "news.microsoft.com" <n**@thistime.com> wrote in message I'm not an expert on policy, but I am unaware of any inherent ability to donews:urCYEzBQHHA.4172@TK2MSFTNGP04.phx.gbl... > Al, well, now that you mention it, I have two needs: > > 1) Enforce password policy by forcing a change tothe password twice per year > on specific dates. Currently AD does not enforce by date. It allows me to > set an expiration date but its a best effort sort of thing to hope it lands > on the specific dates of my preference. what you want to do. Password lifetime is generally measured from when the password is changed. This introduces a randomness, as some will change when first warned of a pending expiry, while others will come back from vacation to find their password long expired. If set to a specific date, I would expect a spike in support calls that day... > 2) Systematically change the password of just one of my guest account on a today the pw is set to 2007-01-25. service desk needs to give it out Jan 27,> weekly basis. My first thought is to use the date as our service desk will > be able to provide a guest the password without needing to dig it up since > the logic is self explanatory. how do they know which date to use? > In the meantime, I will be writing a more elaborate web service to It sounds like your service desk people lack the privileges that would allowrandomize > the password and then publish it to a web page on our Intranet Portal for > our Service Desk to find and provide to the user. More advanced functions > can include a password reset function to quickly change the poassword. > However, currently this is not required. > > Any ideas? them to change the passwords themselves. Personally, I think that could be done more securely than implementing what you suggest. /Al Show quoteHide quote > PS - I am relatively new to scripting. > > thanks, > wp > > > "Al Dunbar [MS-MVP]" <alan-no-drub-spam@hotmail.com> wrote in message > news:uM9e6KGPHHA.4484@TK2MSFTNGP02.phx.gbl... > > Well said. We use a script for setting (and re-setting) user passwords, > > instead of the built-in function in ADU&C. Since the administrator will > > never have to actually use the password, and the user will use it only > > once, > > the double-entry checking serves no purpose. Neither does forcing a human > > operator to think up a reasonably secure password each time a password > > needs > > changing. If we set ten passwords before the first person comes in to get > > logged on, how are we going to remember them without either writing them > > down, or using the same one every time? > > > > So if joe hacker has his password set on two occasions, and he notices a > > pattern when it is set both times to WORDpass, how long would it take him > > to > > hack someone's account using that information and a list of all account > > names? > > > > Our script calculates a random password based on a pattern ("Cvccvc" would > > generate alpha-only passwords like Binkel, Cowboy, Zibqun, etc., > > "###-####" > > would generate passwords that looked like north american phone numbers. It > > then displays the password in a memo we can print and file securely until > > the user comes in to get it. > > > > /Al > > > > "Steven" <sdi***@247networks.ca> wrote in message > > news:12r00vfrh77o394@corp.supernews.com... > >> objUser.SetPassword "i5A2sj*!" sets the password to whatever is in the > >> string, just replace the "text" with a variable name and set the variable > >> name to your new password using anything you want like this: > >> > >> newGuestPW = "sometext" & Date(now) > >> objUser.SetPassword newGuestPW > >> > >> newGuestPW would equal "sometext" plus the date (you cam play with the > > date > >> function to get different formats or modify it yourself), so long as you > >> make certain there will only be valid characters in the generated > >> password > >> (and it meets your password requirements) you are set. > >> > >> Think long and hard on your password security policy to ensure it cannot > > be > >> "guessed". > >> Gernerating your passwords by formula makes it very easy for people to > >> recreate it if they notice a pattern. ("Hmm last week it ended in 14, it > >> ended in 07 the week before...maybe it ends in 21 now?") > >> > >> Adding randomized values and outputting the final result to a secure text > >> file (admin only permission, etc) might be possible. Also, you will want > > a > >> record of the generated passwords in case a system gets out of sync for > >> whatever reason. > >> > >> Good luck. > >> > >> "news.microsoft.com" <n**@thistime.com> wrote in message > >> news:OzvQ6IxOHHA.3268@TK2MSFTNGP03.phx.gbl... > >> > Sorry about that! The script is the basic script found on theMS web > > site; > >> > I havent done much to make it any more functional. > >> > > >> > Set objUser = GetObject _ > >> > ("LDAP://cn=MyerKen,ou=management,dc=fabrikam,dc=com") > >> > > >> > objUser.SetPassword "i5A2sj*!" > >> > The username/password is for a very limited use. And then again, I > >> > would > >> > be interested in a nuymber of variables I can use to make this more > >> > secure. Is there anyway to randomize the password and have it output to > > a > >> > web page?Thanks again.-wp"Al Dunbar [MS-MVP]" > >> > <alan-no-drub-spam@hotmail.com> wrote in message > >> > news:%23TyYXWrOHHA.4172@TK2MSFTNGP03.phx.gbl... > >> >>I don't see the "following script", but I would recommend against > > setting > >> >> the password to the date, unless you are not concerned with people > >> >> correctly > >> >> guessing what it is. > >> >> > >> >> /Al > >> >> > >> >> "news.microsoft.com" <n**@thistime.com> wrote in message > >> >> news:ebIl23oOHHA.2232@TK2MSFTNGP02.phx.gbl... > >> >>> Hey Folks, I am looking to create a script to change the password to > >> >>> a > >> >> guest > >> >>> account on a weekly basis. I have the following script for the change > >> >>> commands, but I wanted to ask if anyone knew how I can use a Date > >> >>> variable > >> >>> as the password. > >> >>> > >> >>> So for the password variable, I'd like to pass the days date. i.e. > >> >> 20070117 > >> >>> or 01172007. > >> >>> > >> >>> Any ideas? > >> >>> > >> >>> Thanks in advance. > >> >>> > >> >>> -wp > >> >>> > >> >>> > >> >> > >> >> > >> > > >> > > >> > >> > > > > > > 
Other interesting topics
|
|||||||||||||||||||||||
