Announcement

Collapse
No announcement yet.

Set Password on local accounts

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Set Password on local accounts

    Searched and found the 14 character issue with an older version of Hyena but I wouldn't think it still exist. Since I am working on DoD equipment and STIG's require that each local administrator account on member servers must have a unique password. Low and behold it appears you guys have that option with a %E% or %e%. I'm able to set it and see the successful entry in the log file, but when I try to log on the system via RDP. The password is not working (the account is not disabled).

    So for example on a server named Trammel. I enter [email protected]$$w0rd1%e% and that should equate to [email protected]$$w0rd1trammel and if I used a capitol E it would of been [email protected]$$w0rd1TRAMMEL

    Am I doing this correctly?

  • #2
    Yes, that is right. Just tested it. If the password is greater than the maximum length that function allows, you get an error and the log will reflect the maximum length was exceeded.

    There is a setting, Tools > Settings > Advanced "MaxW2KPasswordLength" where you can set it to be longer, but the default is 30 and you are well below that.

    Try opening the properties for that account, and manually enter that password, and the log onto the account. If that works, let me know what path your took to get to the computer listing in Hyena or how you selected the computer to change the password on.

    This function is used quite frequently, but one thing I see is that we have to remove any leading \\ characters on the server, but that is done blindly. It might be an issue. There is a way to 'see' the name of the server being used, but before I give those steps, verify the above things.

    Thanks
    Kevin Stanush
    SystemTools Software Inc.

    Comment


    • #3
      When I open the properties of the computer account, I don't see anywhere to set the password like a user account. I've checked all 10 tabs.

      BUT, since putting my registration key in I am now receiving an error with being over 30 characters. It appears to be using the FQDN as it states apache.ad.dcpds.cpms.osd.mil on top of [email protected]$$w0rd1 for a total of 37.

      I have the setting checked to use FQDN, does that effect the %e% value when setting the password as well?

      Comment


      • #4
        Hold on a few, it may be a STIG policy that I am fighting against.

        Comment


        • #5
          Yup, damn STIG has the local administrator with Deny Access from the Network so the RDP function wouldn't work. I also answered my own question, by having the check box in Advanced for use DNS computer paths does indeed ad the trailing domain name to that %e% variable in password reset.

          Comment


          • #6
            Earlier when I meant to open the Properties of the account, I meant the 'Administrator' account (or whatever it is named) on the computer (local computer administrator account). That would verify you could set the password manually.

            Now, I'll assume you were using an older version that didn't log the password length limitation, and the newer version is showing why its happening. Yes, by having the DNS option checked, that becomes the host name, so the password becomes very long (and probably not what you want).

            This is tricky to fix, but one simple idea would be to detect the DNS-formatted name and just keep the leftmost portion, which is generally the Netbios name. Would that work in this case ?

            I don't see how this change could cause any wierd impact on anyone using this function as I can't see anyone wanting to use the DNS host name in a password
            Kevin Stanush
            SystemTools Software Inc.

            Comment


            • #7
              For the purpose of setting the password with the %e% variable, I configured a DoD (2 upper, 2 lower, 2 special & 2 number) of for a total of 11 characters. Then unchecked the "Use DNS computers path" and set the password along with %e%. Once done, put my check box back for DNS and called it a day.

              Comment


              • #8
                OK, good. Thanks for narrowing the source of the problem down. Beat the alternative to find what it was being set to.
                Kevin Stanush
                SystemTools Software Inc.

                Comment

                Working...
                X