Forget Your Password? Not a Problem.
Novell Cool Solutions: Trench
By Mehmet Duran
Posted: 23 Jun 2004
Editor's Note: Before you use this tip, see the cautionary note submitted by Will Schneider below.
If a user forgets his password, how can he log in to a Windows XP computer and change his password? He can't!
Create a user in your directory with an easy-to-remember name, like "password", without a password. Then set up Group Policy so that the Windows workstation is almost totally blocked except for Internet Explorer.
Define in the Group Policy:
User Configuration -> Administrative template -> Logon -> Run these programs at user logon
Enable this setting and type the URL of your DirXML "Where users can change their password" server. Voilà. Now if a user forgets his password, he can log on to the computer with "password", and the only thing he can do on this computer is change his password. The toolbar and everything else MUST be blocked.
I don't know if I have translated it right in English. Speaking English is easy, writing in English is hard.
If you have questions or suggestions regarding this solution, you can contact Mehmet at: mduran@TAKETHISOUThome.nl
This could be a MAJOR security issue. If the user account has no password, it could be used very easily in a DDoS attack, or could be used for collecting information for social engineering from the directory.
Having a NULL password is against all regulatory policies and prohibited by almost ALL corporate policies.
HIPAA alone states that every authenticated user must be uniquely identified. This could not be the case when this user is logged in.
Even though the desktop is locked down, the account is not locked down and must have a minimum set of rights to attributes in order to function.
This "password free" account could also be used by viruses or worms to propagate. NULL password is one of the first attacks that usually takes place. Remember SQL Slammer.
Questions can be sent to william.c.schneider@TAKETHISOUTuth.tmc.edu
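One way to find accounts like the one discussed above before someone else does, as an added example (not part of the original tip or of Will Schneider's note): it scans an LDIF export of the directory for enabled accounts that need no password and reports whether each is limited to specific workstation addresses. The attribute names are assumed eDirectory-style LDAP names, and the sample entries and their values are constructed and simplified.

```python
# Constructed sample export. Attribute names (passwordRequired, loginDisabled,
# networkAddressRestriction) are assumptions; adjust them to your schema.
SAMPLE_LDIF = """\
dn: cn=password,ou=users,o=example
cn: password
passwordRequired: FALSE

dn: cn=jsmith,ou=users,o=example
cn: jsmith
passwordRequired: TRUE

dn: cn=kiosk2,ou=users,
 o=example
cn: kiosk2
passwordRequired: FALSE
networkAddressRestriction: 10.0.5.20

dn: cn=oldtemp,ou=users,o=example
cn: oldtemp
passwordRequired: FALSE
loginDisabled: TRUE
"""

def parse_ldif(text):
    """Parse plain LDIF (folded lines supported) into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # RFC 2849 continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = {}
        for line in lines:
            name, sep, value = line.partition(":")
            if sep:
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def flag(entry, attr, default):
    return entry.get(attr, [default])[0].upper() == "TRUE"

def passwordless_accounts(entries):
    """Return (dn, restricted_to_addresses) for enabled accounts with no password."""
    findings = []
    for e in entries:
        # A missing passwordRequired attribute is treated as "not required".
        if flag(e, "logindisabled", "FALSE") or flag(e, "passwordrequired", "FALSE"):
            continue
        findings.append((e["dn"][0], "networkaddressrestriction" in e))
    return findings
```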
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com