Difference between revisions of "BCX Change Password"
m |
|||
Line 80: | Line 80: | ||
+ | From the folder you extracted the download to, open the settings.xml in notepad and configure the following settings as desired: | ||
+ | |||
+ | AllowBlankPW – true or false – Allows a user to set a blank password (clear password) | ||
+ | |||
+ | AllowUserMustChangeOnLogon – true or false – Allows a user to check the user must change password on next logon box | ||
+ | |||
+ | AutoComplete – true or false – Autocomplete the username as the user starts to type | ||
+ | |||
+ | AllowLookup – true or false – Displays the Lookup button to search for username by surname, forename | ||
+ | |||
+ | ConfirmDisplayName – true or false – Gets the display name from the user object and asks user to confirm it is correct, | ||
+ | before completing the password change. (E.g. where username is number) | ||
+ | |||
+ | AutoCompleteLDAPPath – RootDomain or LDAP Path – If configured sets the auto complete to only autocomplete usernames from a specific root OU, | ||
+ | e.g. Students, and example would be LDAP://OU=Students,OU=Users,OU=Curric,DC=domain,DC=local | ||
+ | |||
+ | ForceDNSDomain – Default or DNSDomain – If set to domain.local it forces the tool to use that domain in a multi-domain environment. | ||
+ | If Default it will use the default domain detected. | ||
+ | |||
+ | Save the settings.xml file | ||
+ | |||
+ | If you require alternative settings for different users, you can create multiple .xml’s containing your required settings, | ||
+ | and reference them from the shortcut using the customxml switch as below. | ||
+ | |||
+ | BCXChangePassword.exe customxml students.xml | ||
===Deploy the Tool=== | ===Deploy the Tool=== |
Revision as of 15:32, 21 July 2020
This [free application] provides the facility to allow non-admin users to change the passwords of other users, for example, allowing teaching staff to change students passwords.
Once configured correctly, it is as simple as typing in the username, and then entering a new password.
Contents
Installation Instructions
Please note this tool and these instructions are provided free of charge. They are provided “as is” and come with no warranty, guarantee or support. Burconix Ltd accepts no liability for any damage caused to your network as a result of installing or using this tool.
Create a new folder and extract the download to a shared area on your network, for example: '\\Server\Apps\BCXChangePassword'
Image showing a file share location
When you open the BCX Change Password utility, a security warning may be displayed.
To unblock the application; right click the BCXChangePassword.exe file, select “Properties”, under the “General” tab towards the bottom will be a security warning along with a button marked “Unblock”. Click this and then click OK, the security warning should no longer be displayed.
Image showing a file properties unblock
By default Domain Admins will have rights to change any user password.
However you might want to allow certain users to reset passwords for users in certain OU containers.
Delegate Rights for Users
In order to allow non-admin users to use the tool, we need to delegate rights for them. In the following example we will create a security group called 'Reset Student Passwords'. Anyone who is then a member of this group will be able to reset the passwords for the student users.
Note : you could skip the 'Reset Student Passwords' and use an existing 'Group' instead, but for more control we would recommend creating a separate group, and then adding the required members
Logon to a domain controller or admin station and open 'Active Directory Users and Computers'. Right Click on your 'Groups' OU and Create a Security Group called 'Reset Student Passwords'
Image showing create group
Add a user to this group who you want to be able to reset passwords.
Select your new group, right click properties. Click the Tab Members, and then Add to add users into the group.
Image showing group add members
Next we need to grant this group the permission to change Student Passwords.
Navigate to your Student User Container/or OU and right click and select Delegate Control
Image showing aduc delegate
Next on the Wizard, add your “Reset Student Passwords” group and click next
Image showing aduc delegate wizard
Check “Reset User Passwords and force password change on next logon”, Check "Read all User Properties" and click next.
Image showing aduc delegate wizard tasks
Check the summary and click Finish to confirm changes.
If you are wanting to use the advanced "Unlock Account" function (requires a paid licence) follow instructions here to delegate further rights
Cofiguring Tool Settings
From the folder you extracted the download to, open the settings.xml in notepad and configure the following settings as desired:
AllowBlankPW – true or false – Allows a user to set a blank password (clear password)
AllowUserMustChangeOnLogon – true or false – Allows a user to check the user must change password on next logon box
AutoComplete – true or false – Autocomplete the username as the user starts to type
AllowLookup – true or false – Displays the Lookup button to search for username by surname, forename
ConfirmDisplayName – true or false – Gets the display name from the user object and asks user to confirm it is correct, before completing the password change. (E.g. where username is number)
AutoCompleteLDAPPath – RootDomain or LDAP Path – If configured sets the auto complete to only autocomplete usernames from a specific root OU, e.g. Students, and example would be LDAP://OU=Students,OU=Users,OU=Curric,DC=domain,DC=local
ForceDNSDomain – Default or DNSDomain – If set to domain.local it forces the tool to use that domain in a multi-domain environment. If Default it will use the default domain detected.
Save the settings.xml file
If you require alternative settings for different users, you can create multiple .xml’s containing your required settings, and reference them from the shortcut using the customxml switch as below.
BCXChangePassword.exe customxml students.xml
Deploy the Tool
Additional Features
The additional features below require a paid for Licence to unlock
Password Audit
Unlock Account
Password Complexity
Show Account Picture
Personalise Tool
Return to Contents page