Novell Home

Forget Your Password? Not a Problem.

Novell Cool Solutions: Trench
By Mehmet Duran

Digg This - Slashdot This

Posted: 23 Jun 2004
 

Editor's Note: Before you use this tip, see the cautionary note submitted by Will Schneider below.

The Problem

If an user forgets his password, how can he log in to a Windows XP computer, and change his password.... He can't!

The Solution

Create a user, in your directory, with an easy-to-remember name, like "password" without a password. Then set up Grouppolicy so that the Windows Workstation is almost totaly blocked except for Internet Explorer.

Define in the grouppolicy:
User Configuration -> Administrative template -> Logon -> Run these programs at user logon. And enable this. Type the URL of your DirXML, "Where users can change their password" server Voila. Now if a user forgets his password he can log on to the computer with "password" and the only thing he can do on this computer is change his password. The toolbar and everything else MUST be blocked.

I don't know if I have translated it right in English. Speaking English is easy, writing in English is hard.

If you have questions or suggestions regarding this solution, you can contact Mehmet at: mduran@TAKETHISOUThome.nl

More info from Will Schnieder

This could be a MAJOR security issue. If the user account has no password, it could be used very easily in a DDoS attack, or could be used for collecting information for social engineering from the directory.

Having a NULL password is against all regulatory policies and prohibited by almost ALL corporate policies.

HIPAA alone states that every authenticated user must be uniquely identified. This could not be the case when this user is logged in.

Even though the desktop is locked down, the account is not locked down and must have a minimum set of rights to attributes in order to function.

This "password free" account could also be used by viruses or worms to propagate. NULL password is one of the first attacks that usually takes place. Remember SQL Slammer.

Questions can be sent to william.c.schneider@TAKETHISOUTuth.tmc.edu


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell