Active Directory Password Reset Tool

BENEFITS

  • Sets a unique, secure password on each password reset
  • Helpdesk employee users do not need to use or install RSAT (at least not for those only resetting passwords)
  • End-users do not get passwords such as Password1 or Company1 and continue with this bad practice by continuing with passwords such as Password2 or Company2

IMPLEMENTATION

1) Download and extract PasswordResetTool.zip (here is VirusTotal scan) to a folder of your choice.

2) Run Configurator.exe (Configurator Editor).

a) On the Settings tab, enter the FQDN and NetBIOS for the domain on for which Password Reset Tool needs to reset passwords for

b) Specify length that passwords should be reset to for user and administrator accounts

c) Save the configuration file

DEMO EXECUTION

Once configuration has been completed, the Password Reset Tool can be executed

Once the Reset Password button is pressed, the specified user account password is reset to a pronounceable, random password

After the process, the connection password and user field are cleared.

RELEVANT CODE

DirectoryEntry directionEntry = new DirectoryEntry(domainPath, domainName + "\\" + connectionUserName, @connectionPassword);
    if (directionEntry != null)
    {
        DirectorySearcher search = new DirectorySearcher(directionEntry);
        search.Filter = "(SAMAccountName=" + userToReset + ")";
        SearchResult result = search.FindOne();
        if (result != null)
        {
            DirectoryEntry userEntry = result.GetDirectoryEntry();
            if (userEntry != null)
            {
                userEntry.Invoke("SetPassword", new object[] { password });
                userEntry.Properties["pwdLastSet"].Value = 0;
                userEntry.Properties["LockOutTime"].Value = 0x0000;
                userEntry.CommitChanges();
            }
        }
    }
    return password;

CONCLUSION

Using initial secure and unique passwords during reset contributes to a far more secure environment.

How to run commands using SYSTEM account

INTRODUCTION

This is a process I use whenever I get an “Access Denied” message. One example of this is when I do not have access to SQL Server directly, only administrative rights to the actual server.

PROCESS

1) Download PsExec which is part of the PsTools suite

2) Extract PsTools.zip to a convenient location. I usually copy PsExec.exe to the System32 folder. This allows PsExec.exe to be executed from any folders without specifying the full path.

3) Execute the following command

PsExec.exe -s -i -d CMD.exe

4) From within this new command prompt, everything you open will open as the SYSTEM account.

EXAMPLES

Viewing NT Secrets

Open Regedit.exe and you will be able to see content of HKEY_LOCAL_MACHINE\SECURITY

  • This allows you to view passwords that were stored as NT Secrets

Opening SQL Server Management Studio as SYSTEM

Open SQL Management Studio and you will be able to log on with SYSTEM

  • This allows you to access SQL without directly having been granted SQL right yet you have administrative rights to SQL Server

You will be able to browse to any folder that only allows SYSTEM account

  • You can export permissions with SetACL/ICACLS to folders that administrators group might have been removed on
  • Kill processes that give error Access Denied when you try to terminate it with normal Administrator rights

WinDirStat/TreeSize etc.

Running something like TreeSize as SYSTEM will actually give you a better view and understanding of what is using space because you will get less access denials

Some others…

  • Simulate GPO start scripts
  • Simulate GPO based MSI installation
  • Diagnose why scheduled tasks that run as SYSTEM don’t run as intended
  • Start/stop protected services

CONCLUSION

Using this process, (or one similar) will allow you to start processes as the SYSTEM account allowing you to access parts of files system, registry and application not accessible with normal Administrative rights.

CircularLogArchiver v2.0

Usage : CircularLogArchiver.exe GO [/LP:LogPath] [/LE:LogExtention] [/AI:ArchiveInterval] [/AOT:ArchiveOlderThan] [/DAOT:DontArchiveOlderThan] [/DOT:DeleteOlderThan]
Example : CircularLogArchiver.exe GO /LP:”C:\Logs” /LE:”*.log” /AI:”M” /AOT:”1″ /DAOT:”3″ /DOT:”3″
Example above will archive all files in “C:\Logs” with *.log extention that are between one and three months old and delete files older than three months

Attachment(s):
[list-attachments]

Before

clbefore

After

clafter