13 replies to this topic

[Silverlay]

Can I get password and login of user that install my product?

[Stefan Krueger]

The LogonUser property will give you the user name. To get the password you will need to add a dialog that asks the user to enter his password.

[Silverlay]

Can i take it from Active directory using IS X? Can IS X work with active directory?

[Stefan Krueger]

I don't think there is any way to obtain the user's password from the operating system, for security reasons. At least I hope so

[Silverlay]

No we can do this if we have hight prevelegies ... we can get user name and his password ...

[smm]

Hi,
How did you do to get the user login?

Thanks in advance

[Zweitze]

Due to security reasons, you cannot get the user password.

If Setup is run by a domain administrator, you have an alternative: you can change the password: domain admins do not need to know the current password to change it, so they can help users who forgot their passwords.
Few users would appreciate such behaviour, but at least you get the job done. If you do so, don't forget to deny the right to change the user password again - otherwise your information becomes useless.
I wonder why you need this info?

[Glytzhkof]

In my opinion there is no acceptable or ethic deployment solution where the above should be necessary.

[Glytzhkof]

Furthermore I think that force changing a user's password may corrupt certain data (intentionally done by the system). I do not have detailed knowledge here but I think it can cause problems at least for encrypted files (and possibly other things).

[Zweitze]

No, a user can change his password as much as he likes to without any sideeffects. The password is only used to check the identity of the user, nothing else.
In fact, Microsoft recommends to use the policy that enforces all user to change their passwords every 60 days or so.

[Glytzhkof]

I meant for an admin to force change a password FOR the user, not the user changing their own password.

[Zweitze]

I have no idea what kind of changes you noticed. Loss of certificates, loss of access to encrypted disks, loss of file ownership?

I know two differences differences exist between IADsUser::ChangePassword() and IADsUser::SetPassword() , 1) Password history policy is not enforced by SetPassword; 2) SetPassword fails unless a secure, encrypted connection exists between the server and workstation, allowing the workstation to validate the server. For ChangePassword this is not required.
And I wouldn't be surprised if SetPassword gives suspicious entries in the Security Eventlog as well.

Oh well, I guess this discussion is more an ADSI discussion.

[Glytzhkof]

If you open the computer management console, go to local users, right click a user and select set password you should get a warning message to the effect of what I have written above.

[Zweitze]

Indeed... The way I read the related info is that SetPassword() destroys the "My" certificate key store of the account.

Thanks for pointing this out... I have to update my admin skills!