Blog Archives
Reset Password from Command Prompt in Server 2008
For a developer or IT admin working in Windows Server 2008 environment, you may have noticed ctrl+alt+del does not work over remote connection and you can no longer change your password from control panel.
The best solution to this in my opinion, that will likely work far into the future, is the command line.
Also keep in mind you are a server admin and disable much functionality for your remote users, sometimes these permissions don’t always apply to command line variants and the latter can be used for privilege escalation in the event of a workstation or user profile compromise.
net user user_name * /domain net user user_name new_password ex. net user Bob 12bdir5$
References
Microsoft Support, “How to Change User Password at Command Prompt”,
Strong Password Generator
Pretty good little web based site to generate strong passwords on the fly. Once I have some time to whip up a little tool to do the same I’ll be sure to post code here.
(Requires javascript:)
StrongPasswordGenerator
References
StrongPasswordGenerator, http://strongpasswordgenerator.com/
Quick .Net Encryption Reference
The code below represents a very basic .NET encryption class which has been tested and should work in your application – simply plug and play. 🙂
Contains two static methods that can be called without needing to instantiate the class.
Keep in mind the initialization vector below (indicated by rgbIV) is generic, and you will need to come up with your own. Remember not to share this. Even if the password is compromised, the attacker would also need to know the initialization vector to crack your value.
Also note the code which has been commented out. This illustrates cases where passwords and/or IV can be statically set in the class and/or shared based on value passed in for password parameter.
Sharing IV and password or storing either statically is a security risk and could cause errors depending on byte differences of the values. If you statically store these values, you will still create secure cipher text, but it will be much easier to crack.
Enjoy. 😉
using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;
namespace AIS.Common.Crypto
{
public static class Rijndael
{
public static string Encrypt(string ClearText,string password)
{
byte[] clearTextBytes = Encoding.UTF8.GetBytes(ClearText);
System.Security.Cryptography.SymmetricAlgorithm rijn = SymmetricAlgorithm.Create();
MemoryStream ms = new MemoryStream();
byte[] rgbIV = Encoding.ASCII.GetBytes("example");
//byte[] key = Encoding.ASCII.GetBytes("longerexample");
//byte[] rgbIV = Encoding.ASCII.GetBytes(password);
byte[] key = Encoding.ASCII.GetBytes(password);
CryptoStream cs = new CryptoStream(ms, rijn.CreateEncryptor(key, rgbIV),
CryptoStreamMode.Write);
cs.Write(clearTextBytes, 0, clearTextBytes.Length);
cs.Close();
return Convert.ToBase64String(ms.ToArray());
}
public static string Decrypt(string EncryptedText, string password)
{
byte[] encryptedTextBytes = Convert.FromBase64String(EncryptedText);
MemoryStream ms = new MemoryStream();
System.Security.Cryptography.SymmetricAlgorithm rijn = SymmetricAlgorithm.Create();
byte[] rgbIV = Encoding.ASCII.GetBytes("example");
//byte[] key = Encoding.ASCII.GetBytes("longerexample");
//byte[] rgbIV = Encoding.ASCII.GetBytes(password);
byte[] key = Encoding.ASCII.GetBytes(password);
CryptoStream cs = new CryptoStream(ms, rijn.CreateDecryptor(key, rgbIV),
CryptoStreamMode.Write);
cs.Write(encryptedTextBytes, 0, encryptedTextBytes.Length);
cs.Close();
return Encoding.UTF8.GetString(ms.ToArray());
}
}
}
References:
Wikipedia – Encryption, http://en.wikipedia.org/wiki/Encryption
Out of Office Reply 