Just for the gurus -- Remote admin password changing with privileged user ??

David Bolen db3l at fitlinxx.com
Tue Feb 12 17:16:15 EST 2002


matthias_j at lycos.com (Matthias Janes) writes:

>             BUT THE REAL PROBLEM is that I do not have admin rights on
> the other domains.

Well, you're going to have to have admin rights on those
domains/machines to make the change.  I assume what you really mean is
that your local Matthias account doesn't have those admin rights.

> I could copy the script to all the Domains and execute it logged on as
> Admin - but I would really like to avoid this if possible.  Maybe there
> is a way to send an authentication to the domains like
> username:TechAdmin + the old password - (like a Su command) I'm not
> sure..... -- ANY HELP

In general, the network calls don't have their own authentication
information provided in each call.  Instead, NT establishes an IPC
link to the remote machine, and keeps cached authentication credential
information that is then used for any remote requests to that same
machine.

The simplest way I know to control the credentials used is to
establish a network use across to the remote machine in question.  You
can use any given account/password combination when doing that.  Once
you have one network link to a remote machine with authentication
information, NT will continue to use that same authentication
information for other remote requests of any type to that machine.  In
fact, in some cases that's a major pain.

It doesn't have to be any formal resource on the remote machine, just
use the automatic IPC$ share (which is going to be grabbed anyway once
you try to make the remote network request).  You just have to make
sure that you establish your own network use before doing any other
network operation, or else you'll already have an IPC$ use with
default credentials (e.g., Matthias).

You can establish the share with NetUseAdd, and remove it when done
with NetUseDel.  I haven't done it myself yet, but once you have that
share, I would think that NetUserChangePassword (or NetUserSetInfo) to
that machine might work.

--
-- David
-- 
/-----------------------------------------------------------------------\
 \               David Bolen            \   E-mail: db3l at fitlinxx.com  /
  |             FitLinxx, Inc.            \  Phone: (203) 708-5192    |
 /  860 Canal Street, Stamford, CT  06902   \  Fax: (203) 316-5150     \
\-----------------------------------------------------------------------/
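The sequence described in the reply above, as an added example that is not part of the original post and was not tested there. It assumes the pywin32 `win32net` module on Windows; the function name, the `api` parameter and any host or account values passed in are hypothetical.

```python
USE_IPC = 3                 # same value as win32netcon.USE_IPC
USER_INFO_PASSWORD = 1003   # USER_INFO_1003: structure carrying only a password


def change_remote_password(server, admin_user, admin_password,
                           target_user, new_password, old_password=None,
                           api=None):
    """Open an IPC$ use as admin_user, change target_user's password,
    then drop the use again.

    `api` is a hypothetical injection point for testing; by default the
    real win32net module from pywin32 is used (Windows only).
    """
    if api is None:
        import win32net as api  # lazy import so this file loads anywhere

    unc_server = "\\\\" + server.lstrip("\\")
    ipc = unc_server + "\\IPC$"

    # This must be the first request sent to the server. If NT has already
    # opened IPC$ with the logged-on user's credentials, adding a use under
    # a different account typically fails with a credential conflict
    # (Windows error 1219) instead of replacing the session.
    api.NetUseAdd(None, 2, {
        "remote": ipc,
        "username": admin_user,
        "password": admin_password,
        "asg_type": USE_IPC,
    })
    try:
        if old_password is not None:
            # Change with knowledge of the old password.
            api.NetUserChangePassword(unc_server, target_user,
                                      old_password, new_password)
        else:
            # Administrative reset; no old password needed.
            api.NetUserSetInfo(unc_server, target_user,
                               USER_INFO_PASSWORD, {"password": new_password})
    finally:
        # Always remove the use, even on failure, so the admin session is
        # not left cached for later, unrelated requests to this machine.
        api.NetUseDel(None, ipc, 0)
    return ipc
```

Because the cached IPC$ session applies to every later request to that machine, the `finally` block matters as much as the password call itself.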


