Difference between revisions of "BCX Change Password"

From BCX Media Wiki
Line 108: Line 108:
 
===Deploy the Tool===
 
===Deploy the Tool===
  
 +
Before you Deploy the Tool, check that your users have access to run the exe from your extract location.
 +
Go to '\\Server\Apps\BCXChangePassword', right click on the directory, Properties and click Security.
 +
“Reset Student Passwords” need Read and Execute, then inherited System and Administrators Full Control.
 +
 +
Note that standard users should not have modify/delete access to this location as they could modify the settings we have just configured.
 +
Click Edit to change permissions.
 +
 +
[[File:bcx change password permissions.png|link=]] Image showing properties security reset students password group permissions
 +
 +
 +
Now make a shortcut available to your users either on the desktop/start menu.
 +
Or alternately create a shortcut from a shared area.
 +
 +
Shortcut to: \\server\Apps\BCXChangePassword\BCXChangePassword.exe
 +
 +
 +
[[File:bcx change password shortcut.png|link=]] Image showing create shortcut
 +
 +
 +
Installation Complete
  
  
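Review bot: In the added Deploy the Tool text, "Click Edit to change permissions" sits after the note about standard users instead of with the step that lists the permissions, so a reader working top to bottom reads the required ACL and the warning before being told how to change anything. Suggest moving it directly after "Properties and click Security", and saying outright that "Reset Student Passwords" gets Read and Execute only, since the settings file lives in the same folder as the exe. The shortcut path also uses \\server where the earlier line uses \\Server; pick one spelling.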
Line 116: Line 136:
 
===Password Audit===
 
===Password Audit===
  
 +
Note – These instructions assume that the BCX Change Password Tool is installed and working on your system.
 +
 +
This program generates an audit log of the usage of the BCX Change Password Tool,
 +
and can be installed on any member server (2003/2003R2/2008/2008R2/2012) in the domain.
 +
We recommend using the server that BCX Change Password is installed on.
 +
 +
Please note if you use the Window’s firewall on the server please enable inbound traffic on port 9054 on all profiles.
 +
 +
Within C:\Program Files\ create a BCX folder (if it doesn’t already exist) and within that create a folder called ChangePasswordAudit.
 +
Please use the same folder path for 32 bit or 64 bit operating systems.
 +
 +
 +
[[File:bcx change password audit path.png|link=]] Image showing create folder
 +
 +
 +
So the path of this folder is C:\Program Files\BCX\ChangePasswordAudit\ Into this folder copy all the files from the zip file.
 +
 +
 +
[[File:bcx change password audit copy files.png|link=]] Image showing folder contents
 +
 +
 +
In the folder C:\Program Files\BCX\ChangePasswordAudit,
 +
Run the Setup – Install.cmd (you may receive a security warning, press run).
 +
At the prompt press any key. On completion the following lines should now be displayed.
 +
 +
 +
[[File:bcx change password audit install.png|link=]] Image showing install complete window
 +
 +
 +
Pressing any key will close the window. When prompted click Yes to start the service in debug mode.
 +
The debug window will display a few lines of text as the service starts up, the word “Ready” should be displayed at the bottom.
 +
This window can now be closed, press Yes when prompted to restart the service in Normal mode to complete the install.
 +
 +
To configure BCX Change Password Audit, open the location of the BCXChangePassword.exe,
 +
(This could be something like \\Server\Apps\BCXChangePassword\). Right Click the settings.xml file and choose Edit
 +
 +
 +
[[File:bcx change password audit settings.png|link=]] Image showing location of settings rc edit
 +
 +
 +
Scroll down through the file until you find the following lines: - In here copy and paste your licence you received from Burconix Ltd.
 +
 +
 +
[[File:bcx change password audit license.png|link=]] Image showing settings license entry
 +
 +
 +
Next scroll down through the file until you find the following lines: - In here type the NetBIOS name of the server you installed the audit software on.
 +
 +
 +
[[File:bcx change password audit netbios.png|link=]] Image showing settings license entry
 +
 +
 +
Once this is done all logs will be stored within the C:\Program Files\BCX\ChangePasswordAudit\LogData in both txt and csv format.
 +
 +
 +
[[File:bcx change password audit log data.png|link=]] Image showing log data location
  
  
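Review bot: The firewall sentence in the added Password Audit text opens port 9054 "on all profiles" without naming the protocol, so the inbound rule cannot be written from this line alone; state whether it is TCP or UDP and whether every profile is really required. The NetBIOS screenshot also reuses the caption "Image showing settings license entry" from the licence step, and both "find the following lines: -" sentences rely entirely on a screenshot; name the settings.xml entries in the text so the step still works when images do not load.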

Revision as of 14:29, 22 July 2020

This free application allows non-admin users to change the passwords of other users, for example, allowing teaching staff to change students' passwords.

Once configured correctly, it is as simple as typing in the username, and then entering a new password.

Installation Instructions

Please note this tool and these instructions are provided free of charge. They are provided “as is” and come with no warranty, guarantee or support. Burconix Ltd accepts no liability for any damage caused to your network as a result of installing or using this tool.


Create a new folder and extract the download to a shared area on your network, for example: '\\Server\Apps\BCXChangePassword'


bcx change password location.png Image showing a file share location


When you open the BCX Change Password utility, a security warning may be displayed.

To unblock the application, right-click the BCXChangePassword.exe file and select “Properties”. Towards the bottom of the “General” tab there will be a security warning along with a button marked “Unblock”. Click this and then click OK; the security warning should no longer be displayed.


bcx change password unblock.png Image showing a file properties unblock


By default Domain Admins will have rights to change any user password. However you might want to allow certain users to reset passwords for users in certain OU containers.

Delegate Rights for Users

In order to allow non-admin users to use the tool, we need to delegate rights for them. In the following example we will create a security group called 'Reset Student Passwords'. Anyone who is then a member of this group will be able to reset the passwords for the student users.

Note: you could skip the 'Reset Student Passwords' group and use an existing group instead, but for more control we would recommend creating a separate group and then adding the required members.

Log on to a domain controller or admin station and open 'Active Directory Users and Computers'. Right-click on your 'Groups' OU and create a security group called 'Reset Student Passwords'.


bcx change password create group.png Image showing create group


Add the users who you want to be able to reset passwords to this group. Select your new group, right-click and choose Properties. Click the Members tab, and then click Add to add users to the group.


bcx change password add members.png Image showing group add members


Next we need to grant this group permission to change student passwords. Navigate to your student user container or OU, right-click it and select Delegate Control.


bcx change password aduc delegate.png Image showing aduc delegate


Next, in the wizard, add your “Reset Student Passwords” group and click Next.


bcx change password delegate wizard.png Image showing aduc delegate wizard


Check “Reset User Passwords and force password change on next logon”, check "Read all User Properties" and click Next.


bcx change password delegate tasks.png Image showing aduc delegate wizard tasks


Check the summary and click Finish to confirm the changes. If you want to use the advanced "Unlock Account" function (requires a paid licence), follow instructions here to delegate further rights.
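To confirm what the wizard actually granted, the following added example (not part of the BCX tool or the original instructions) lists the group's access entries on the OU and marks any that go beyond a password reset. It assumes the RSAT ActiveDirectory module is installed; the OU path and group name are the example values used on this page.

```powershell
# Added example: show which rights a delegated group holds on an OU.
# $OuDn and $Group are the example names used on this page; change them to match your domain.
Import-Module ActiveDirectory                     # RSAT module, provides the AD: drive
Add-Type -AssemblyName System.DirectoryServices   # ActiveDirectoryRights enum

$OuDn  = 'OU=Students,OU=Users,OU=Curric,DC=domain,DC=local'
$Group = 'Reset Student Passwords'

# Schema and extended-right GUIDs relevant to the password-reset delegation.
$names = @{
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    'bf967a0a-0de6-11d0-a285-00aa003049e2' = 'pwdLastSet'
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user'
    '00000000-0000-0000-0000-000000000000' = '(all)'
}
function Resolve-AdGuid([guid]$Id) {
    $key = $Id.ToString()
    if ($names.ContainsKey($key)) { $names[$key] } else { $key }
}

# Single-bit rights that exceed a password reset; GenericAll contains all of them.
$broad = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner, CreateChild, DeleteChild, Delete, DeleteTree'
$write = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference.Value -like "*\$Group" } |
    ForEach-Object {
        $rights = [int]$_.ActiveDirectoryRights
        $target = Resolve-AdGuid $_.ObjectType
        # Excess = any broad right, or write access that is not limited to one attribute.
        $excess = (($rights -band $broad) -ne 0) -or
                  ((($rights -band $write) -ne 0) -and $target -eq '(all)')
        [pscustomobject]@{
            Type      = $_.AccessControlType
            Rights    = $_.ActiveDirectoryRights
            Target    = $target
            AppliesTo = Resolve-AdGuid $_.InheritedObjectType
            Inherited = $_.IsInherited
            Excess    = $excess
        }
    } | Format-Table -AutoSize -Wrap
```

Rows with Excess set to True deserve a second look, as do rows whose AppliesTo is not 'user'.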


Configuring Tool Settings

From the folder you extracted the download to, open the settings.xml in notepad and configure the following settings as desired:

AllowBlankPW – true or false – Allows a user to set a blank password (clear password)

AllowUserMustChangeOnLogon – true or false – Allows a user to check the user must change password on next logon box

AutoComplete – true or false – Autocomplete the username as the user starts to type

AllowLookup – true or false – Displays the Lookup button to search for username by surname, forename

ConfirmDisplayName – true or false – Gets the display name from the user object and asks user to confirm it is correct, before completing the password change. (E.g. where username is number)

AutoCompleteLDAPPath – RootDomain or LDAP Path – If configured, restricts autocomplete to usernames from a specific root OU, e.g. Students. An example would be LDAP://OU=Students,OU=Users,OU=Curric,DC=domain,DC=local

ForceDNSDomain – Default or DNSDomain – If set to domain.local it forces the tool to use that domain in a multi-domain environment. If Default it will use the default domain detected.

Save the settings.xml file.

If you require alternative settings for different users, you can create multiple .xml files containing your required settings, and reference them from the shortcut using the customxml switch as below.

BCXChangePassword.exe customxml students.xml

Deploy the Tool

Before you deploy the tool, check that your users have access to run the exe from your extract location. Go to '\\Server\Apps\BCXChangePassword', right-click on the directory, choose Properties and click Security. “Reset Student Passwords” needs Read and Execute, alongside the inherited System and Administrators Full Control entries.

Note that standard users should not have modify/delete access to this location, as they could modify the settings we have just configured. Click Edit to change permissions.

bcx change password permissions.png Image showing properties security reset students password group permissions
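The permission check above can be repeated after deployment with a script. This added example (not part of the BCX tool) reports any Allow entry on the tool folder or its files that would let an identity other than System or Administrators change settings.xml or the exe; the trusted list is an assumption to adjust for your site, and the path is the example share from this page.

```powershell
# Added example: find ACL entries that let non-admin identities alter the tool folder.
# $ToolPath is the example share from this page; $Trusted is an assumed allow-list.
param(
    [string]$ToolPath  = '\\Server\Apps\BCXChangePassword',
    [string[]]$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

# Rights that allow changing or replacing files, or rewriting the ACL itself.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries can carry raw generic bits: GENERIC_WRITE and GENERIC_ALL.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

function Get-RiskyAce {
    param([string]$Path, [string[]]$TrustedIdentity)
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
        ($TrustedIdentity -notcontains $_.IdentityReference.Value)
    } | Select-Object @{ n = 'Path'; e = { $Path } },
                      IdentityReference, FileSystemRights, IsInherited
}

# Check the folder itself plus every file in it (settings.xml, the exe, custom .xml files).
$targets  = @($ToolPath) + @(Get-ChildItem -LiteralPath $ToolPath -File |
                             ForEach-Object { $_.FullName })
$findings = foreach ($t in $targets) { Get-RiskyAce -Path $t -TrustedIdentity $Trusted }

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No write-capable Allow entries for untrusted identities.'
}
```

This covers NTFS permissions only; the share permissions on \\Server\Apps are a separate layer and need their own check.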


Now make a shortcut available to your users on either the desktop or the start menu. Alternatively, create a shortcut in a shared area.

Shortcut to: \\server\Apps\BCXChangePassword\BCXChangePassword.exe


bcx change password shortcut.png Image showing create shortcut


Installation Complete


Additional Features

The additional features below require a paid-for licence to unlock.

Password Audit

Note – These instructions assume that the BCX Change Password Tool is installed and working on your system.

This program generates an audit log of the usage of the BCX Change Password Tool, and can be installed on any member server (2003/2003R2/2008/2008R2/2012) in the domain. We recommend using the server that BCX Change Password is installed on.

Please note that if you use Windows Firewall on the server, you need to enable inbound traffic on port 9054 on all profiles.

Within C:\Program Files\ create a BCX folder (if it doesn’t already exist) and within that create a folder called ChangePasswordAudit. Please use the same folder path for 32 bit or 64 bit operating systems.


bcx change password audit path.png Image showing create folder


The path of this folder is therefore C:\Program Files\BCX\ChangePasswordAudit\. Copy all the files from the zip file into this folder.


bcx change password audit copy files.png Image showing folder contents


In the folder C:\Program Files\BCX\ChangePasswordAudit, run Setup – Install.cmd (you may receive a security warning; press Run). At the prompt, press any key. On completion the following lines should be displayed.


bcx change password audit install.png Image showing install complete window


Pressing any key will close the window. When prompted, click Yes to start the service in debug mode. The debug window will display a few lines of text as the service starts up; the word “Ready” should be displayed at the bottom. This window can now be closed. Press Yes when prompted to restart the service in Normal mode to complete the install.

To configure BCX Change Password Audit, open the location of BCXChangePassword.exe (this could be something like \\Server\Apps\BCXChangePassword\). Right-click the settings.xml file and choose Edit.


bcx change password audit settings.png Image showing location of settings rc edit


Scroll down through the file until you find the following lines. Copy and paste the licence you received from Burconix Ltd in here.


bcx change password audit license.png Image showing settings license entry


Next, scroll down through the file until you find the following lines. Type the NetBIOS name of the server you installed the audit software on in here.


bcx change password audit netbios.png Image showing settings license entry


Once this is done, all logs will be stored in C:\Program Files\BCX\ChangePasswordAudit\LogData in both txt and csv format.


bcx change password audit log data.png Image showing log data location


Unlock Account

Password Complexity

Show Account Picture

Personalise Tool
