Security Basics mailing list archives
Re: Automatic Password Reset
From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Tue, 5 Jun 2007 10:10:31 -0700
Mohamed You would have to perform the following steps: 1) Create a new application pool on the IIS Server 2) Assign a account that has privileges to change user's password to that application. 3) Create a new virtual website on the IIS 4) Assign the newly create application pool to the virtual website. 5) And the place you ASPX script that includes the code for the challenge/response and the code to change the password in the virtual website. The task will take about 20 hours if you are new IIS and ASPX saqib http://www.full-disk-encryption.net On 6/5/07, Mohamed Farid <mfarid () mscc com eg> wrote:
Dear Saqib : Where exactly should I add this code ? Please help me more because I don't have the experience for editing web-pages ... Thanks ,,, Mohamed Farid ,, -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ali, Saqib Sent: Monday, June 04, 2007 8:55 PM To: Mohamed Farid Cc: security-basics () securityfocus com Subject: Re: Automatic Password Reset This can be easily done using a small ADSI script running on the same server as your Web Interface Server (NFuse). Here is the ASPX code that will do the trick: --------------------------------------------- user = New DirectoryEntry("LDAP://" & userDomain & "/" & userDN) user.Invoke("SetPassword", newPassword) user.Properties("pwdLastSet").Value() = -1 user.CommitChanges() ------------------------------------- Of course you will have write some code for the challenge questions and lookup the user in the AD using LDAP calls. saqib http://www.full-disk-encryption.net On 6/4/07, Mohamed Farid <mfarid () mscc com eg> wrote: > Dear All : > > I have Citrix 4.0 implemented at my company and a lot of users are > logging to it using the web interface technique... > I need a way to make the users automatically reset their passwords if > they forget it by going through some pre-configured questions and > answers .. > > I need some application names which is doing that ... > I saw sort of them in the past but I failed to find them ... > > Mohamed Farid ,, > > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > This e-mail (including attachments) is classified as Mediterranean Smart Cards Company confidential and proprietary information > The recipient hereby is committed to hold in strict confidence the contents of this (e-mail, document, and information) and not to disclose to any third party without the prior written consent of Mediterranean Smart Cards Company. > Recipient will be held liable for any unauthorized disclosure. > It is intended solely for the addressee. Unless you are the addressee, you may not read, copy, use or store this e-mail in any way, or permit others to. > If you have received it in error, please notify the sender by return e-mail and delete the message in its entirety, including any attachments > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > > > -- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net
-- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net
Current thread:
- Automatic Password Reset Mohamed Farid (Jun 04)
- Re: Automatic Password Reset Ali, Saqib (Jun 04)
- RE: Automatic Password Reset Mohamed Farid (Jun 05)
- Re: Automatic Password Reset Ali, Saqib (Jun 05)
- RE: Automatic Password Reset Mohamed Farid (Jun 05)
- Re: Automatic Password Reset Ali, Saqib (Jun 04)