Security

Re: Help with impersonate - remotely resetting password

banging — Tue, 02 Oct 2007 19:58:56 GMT

Hard coding the user in the webconfig file worked. I wish I could figure out why it's not passing along the windows credentials but it does work. Thanks very much for your help.

Re: Help with impersonate - remotely resetting password

tsm — Fri, 21 Sep 2007 19:57:13 GMT

Another thing you can try is hardcoding the impersonation identity into your web.config file.

Re: Help with impersonate - remotely resetting password

banging — Fri, 21 Sep 2007 19:01:45 GMT

Thanks for the reply! I do have anonymous access disabled and using integrated windows authentication. It is running under the right account but seems to use the anomyous account when it leaves the asp server and goes out to a remote box.

Re: Help with impersonate - remotely resetting password

tsm — Fri, 21 Sep 2007 01:36:29 GMT

Try disabling anonymous access in IIS. I don't think anonymous access would have rights to reset an administrator account. Eventhough you are using an account with sufficient rights, I believe if anonymous access and impersonation are enabled then the request is made with the IUSR_mahinename account.

Help with impersonate - remotely resetting password

banging — Thu, 20 Sep 2007 16:27:19 GMT

Hi, I'm porting a vbscript to asp.net and have this remote password reset tool working only if I'm logged into the computer and running it from there. If I access the page from a different box it fails to bind to another workstation. Basically, the program loops through a text file with computer names and resets the administrator account. I'm logging in with impersonate and windows authentication that has rights to reset the administrator account. It works great when rdp'd into the web server but not from my desktop. The security logs on the remote pc's whose password I'm trying to reset shows successfull anonymous access but not account change. I'm sure that the program is using the account that has admin privleges but it seems that it's not using that acct. to bind to the pc's and reset the admin acct.

web config file snippet

partial reset code

Do Until serverlist.EndOfStream

'assign the variable host to represent a line in the text file, which is a server

Try

host = serverlist.ReadLine

Catch

Logfile.WriteLine("error reading serverlist.txt file, " & Date.Now)

lblUploadStatus.Text = "Error reading serverlist.txt file, check the file"

Exit Sub

End Try

'bind with adsi to the user account on the server

Try

user = GetObject("WinNT://" & host & "/" & useraccount)

Logfile.WriteLine(host & ",success," & Date.Now)

Catch ex As System.Exception

'MsgBox("An exception occurred:" & " for " & host & vbCrLf & ex.Message)

Logfile.WriteLine(host & ", failure," & ex.Message & "," & Date.Now)

End Try

'change the password to the new password

Try

user.SetPassword(confirmpassword)

Catch ex As Exception

'Logfile.WriteLine(host & ", change password failure," & Date.Now)

End Try

'confirm the password change

Try

user.SetInfo()

'Logfile.WriteLine(host & ", set password success," & Date.Now)

Catch

'Logfile.WriteLine(host & ", set password failure," & Date.Now)

End Try