|
|||||||||
|
|||||||||
|
|||||||||
 |
|||||||||
| |
||
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
|
|||||||||
| |
||
|
|
|
| ||||||||||||||||||||||||||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
ASP Free Forums Sponsor:
|
|
|
|
#1
October 16th, 2009, 11:30 AM
|
|||
|
|||
|
WSH - Clear cached passwords
Hi
Need a little help to clarify a problem here if possible. My script currently locks the workstation remotely. I need to have my script change the password of a logged in user and clear the cache so that once it is locked they cannot log back in with the old ( cached ) password. I do not want to use GPO to stop the system caching passwords as this may prove detrimental in the event of a domain login failure. Does anyone know of a way to clear the cache remotely from a script ? thanks in advance
|
|
#2
October 17th, 2009, 04:52 AM
|
||||
|
||||
|
You're asking for a way to circumvent built-in securities there, "devious"dexter. I'm not even going to take a look into this without a good reason why you would need to do such thing.
__________________
Scripting problems? Windows questions? Ask the Windows Guru! Stay up to date with all of my latest content. Follow me on Twitter! Help us help you! Post your exact error message with these easy tips!
|
|
#3
October 17th, 2009, 07:42 PM
|
|||
|
|||
|
HI Nilpo and thanks for taking the time to answer
i understand your concern however my issue is this - i have a scrip that will lock the users workstation and change their password. However as the cached password is still sctive until a user logs in with the new password they still have access to the workstation. I am trying to stop this from happening - this, as far as i can see, requires flushing the cache of their last password to stop this being a security issue. if i set the password cache to store 0 last logins it will affect all users which is not my intention, and would cause problems should the server go offline. I could not find a setting on win2k GPO's to force server authentication on workstation unlock. if you can point me to this GPO, this would serve the purpose i need. many thanks
|
|
#4
October 22nd, 2009, 02:47 PM
|
|||
|
|||
|
Well i think i have found a workaround for this which does not compromise built in security features, if anyone is interested.
By adding a value to the registry, the machine can be made to authenticate every time it is unlocked - thius is available in later versions of windows server through GPO's but i could not find it in standard win2k server GPO's. this works on Windows 2000 Server and a Windows 200o Pro client. NOTE: Playing about with the registry can render your machine un useable please read up before trying this key or modifying it in anyway. find this key :- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Currentversion\Winlogon add a DWORD entry called ForceUnlockLogon change the value to 1 ------ this should now force the machine to authenticate when unlocking. i believe from what i have read that exceptions can occur when screen savers are active but have not pursued this as of yet. I would be interested if anyone could point me to a useful article on adding this into .adm files ( i think it requires the system.adm to be modified but cant see a clear article on actually achieving this) thanks
|
|
| Viewing: ASP Free Forums > System Administration > Windows Scripting > WSH - Clear cached passwords |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
