BENEFITS
- Sets a unique, secure password on each password reset
- Helpdesk employee users do not need to use or install RSAT (at least not for those only resetting passwords)
- End-users do not get passwords such as Password1 or Company1 and continue with this bad practice by continuing with passwords such as Password2 or Company2
IMPLEMENTATION
1) Download and extract PasswordResetTool.zip (here is VirusTotal scan) to a folder of your choice.
2) Run Configurator.exe (Configurator Editor).
a) On the Settings tab, enter the FQDN and NetBIOS for the domain on for which Password Reset Tool needs to reset passwords for
b) Specify length that passwords should be reset to for user and administrator accounts
c) Save the configuration file
DEMO EXECUTION
Once configuration has been completed, the Password Reset Tool can be executed
Once the Reset Password button is pressed, the specified user account password is reset to a pronounceable, random password
After the process, the connection password and user field are cleared.
RELEVANT CODE
DirectoryEntry directionEntry = new DirectoryEntry(domainPath, domainName + "\\" + connectionUserName, @connectionPassword);
if (directionEntry != null)
{
DirectorySearcher search = new DirectorySearcher(directionEntry);
search.Filter = "(SAMAccountName=" + userToReset + ")";
SearchResult result = search.FindOne();
if (result != null)
{
DirectoryEntry userEntry = result.GetDirectoryEntry();
if (userEntry != null)
{
userEntry.Invoke("SetPassword", new object[] { password });
userEntry.Properties["pwdLastSet"].Value = 0;
userEntry.Properties["LockOutTime"].Value = 0x0000;
userEntry.CommitChanges();
}
}
}
return password;
CONCLUSION
Using initial secure and unique passwords during reset contributes to a far more secure environment.