- Introduction
- Requirements
- License and Registration
- Installation
- Using cPWD
- Search Active Directory
- Change Passwords
- Update Service Logons
- Rename Administrator
- History Maintenance
- Working with Multiple Domains
- Encrypted Password Changes over the Wire
- Error Message when executed on a Domain
Controller
Change Passwords -
cPWD is a powerful Information Security Management tool that
will change local administrator password on computers across the
network.
- Microsoft Active
Directory.
- Windows® 2000/XP/2003
- Systems queried across
the network require Windows® NT/2000/XP/2003
- Administrator
permissions is required on all systems
cPWD (product) is licensed per
Systems Administrator. Please review the End User License Agreement
for
details.
To register cPWD, copy the file sent to you by
Absolute Dynamics to the same folder as cPWD.EXE. When the
executable is launched, the product will automatically be registered.
Absolute Dynamics provides the following benefits to our
customers:
- E-mail support
- Elimination trial version
limitation
- Additional licenses can be purchased at anytime
- Input into the future design all Absolute Dynamics products
- Free upgrades for the first year
Cumbersome installation procedures are not required. Simply copy the executable to a
directory on a local hard drive and launch the application (cPWD.exe).
cPWD is a powerful tool that
will change the password of a local account, update logon
information for a service or rename the local Administrator account
on multiple systems across your Active Directory Domain.
Add Computer: Allows you to
manually enter a computer to be added to list of available
computers.
Remove Computers: Deletes computers and all associated
history reports from cPWD.
Import from a File: Import
a list of computers from a text file.
Search Active Directory:
Search for computer accounts you want to add to cPWD.
Use the export/import functions to customize the list of
available computers you manage using cPWD.
Change Passwords: Changes
the password of a local account on
selected computers in the list.
Update Service Logons:
Updates logon information for a service on selected
computers in the list.
Rename Administrator:
Renames the local Administrator account on selected
computers in the list
Help: Calls this web page.
Search Filter: Enter a
computer name or partial computer name to search for.
By default all computer names are searched.
Start Path: The LDAP
path in Active Directory to begin searching. By
default the root of the default domain is searched.
Remove Computer from List:
Removes the selected computer from the list.
Export to File: Exports the
list of computers to a file which can be modified, then
imported at a later time. The file name should be
saved with at TXT extension.
Change Passwords will change
the password of a local account on all targeted
systems.
Targeted Computers: The
list of computers that will have the password changed.
Local User Account:
The name of the local user account to be changed. If
the local user account is "administrator", the account is
verified by SID. Even if the account has been renamed,
use "administrator" as the name to change the password for
this built-in account.
New Password: The new
password to apply.
Verify Password: Verify the
new password to apply.
Random Password: If Random
Password is checked, it is not necessary to specify a new
password because cPWD will automatically generate and apply
a random password that is C2 Security compliant.
Min.Length: If Random
Password is checked, then the minimum password length must
be specified. The minimum password length should be
set based on your Active Directory Security Policy.
The length of random passwords that are generated by
cPWD will be between the minimum length plus 5. For
example, if you specify a minimum length of 15, the
length of any given random password will be between
15-20.
Update Service Logons will configure a
specific service to logon with a domain account. This is a handy tool if
you need to change the password of special service account, then update all the
computers that use it.
Targeted Computers: The
list of computers that will have logon information for the
targeted service updated.
Targeted Service:
The service you want to change.
Browse: Lists
services from a remote computer. Use this option to
select a targeted service from a remote computer.
The name of the computer in the title bar is the
current computer that you're connected to.
Service Logon Account:
The name of the domain user account the service will use to
logon. It must be entered in the format "DOMAIN\USER"
or "USER@DOMAIN.COM". You may also enter "LocalSystem"
as the service logon account to configure the service to
logon with this built-in account. A password should NOT be
used with "LocalSystem".
Password: The password of
the domain account used to logon.
Verify Password: Verify the
password.
Rename Administrator will rename the local
administrator account. It does not matter what the current name of the local
administrator account is because cPWD renames this built-in account based on the
SID.
Targeted Computers: The
list of computers that will have the local Administrator
account renamed.
New Account Name:
Enter the name you want the local Administrator
account renamed to.
All computers and associated
history files are maintained in a folder named
"COMPUTERS\%COMPUTERNAME%\%COMPUTERNAME.TXT" that is
automatically created as computers are added to cPWD.
By default, the "COMPUTERS" folder is created in the
same directory where cPWD.EXE is executed.
It is recommended that this
folder be protected, as it contains the actual
account names and passwords cPWD applied.
Each time cPWD is executed
against a list of systems, a status web page is
generated displaying success/failure results.
Clicking the "X" or "CHECK-MARK" from this web page
will open the history file for that computer.
This web page (CPWD.HTM) is overwritten each time a
list of computers is scanned.
Optionally, you can also
navigate to the "COMPUTERS" folder and locate/view
the history file for any computer.
cPWD uses your existing
credentials when searching, modifying or administering
Active Directory objects or remote computers on the network.
To access other domains on your network, right click
cPWD.exe and perform a RunAs command against the
executable, then specify the proper domain credentials.
When using cPWD to change passwords
on remote computers, the
NetUserSetInfo protocol is used. This protocol has been
tested and proven to be secure when changing passwords.
IT DOES NOT DISPLAY THE PASSWORD IN CLEAR TEXT OVER THE
WIRE.
Back to Top
When you attempt to execute cPWD on
a domain controller, you receive an error message stating
"665: Specified domain is not a trusted domain". Do not
execute cPWD directly on the domain controller, instead run
it from a member server or workstation.
Back to Top
|
