Friday, November 2, 2012

SpecOps Password Policy Tool Munge

OK, you are using a password policy product like the one from SpecOPS. You are a domain admin and you need to reset a password to the same password despite the history requirements that have been set up.

Firstly, this is not a hack. I do not need this to be a hack because I am a domain admin so quit the giggling.

This is how you do it.

  1. Place your ADUC tool into container mode by selecting "Users, Contacts, Groups and Computers as Containers" in the VIEW menu.
  2. Refresh
  3. Highlight the user object you want to change in the left-hand pane and expand by clicking on the '+' icon.
  4. In the right-hand pane you should see a leaf object named 'Specops-Spp-pwdHistory'. This is the container that holds your password history.
  5. Seize ownership
  6. Give yourself FULL CONTROL to that object.
  7. Refresh
  8. Delete the object
  9. Right-click on the user object and reset its password to a temporary one. You cannot yet change it to itself: changing a password to itself does not require a password history, and the shim will detect and prevent that.
  10. Refresh
  11. Seize ownership
  12. Give yourself FULL CONTROL to that object.
  13. Refresh
  14. Delete the object
  15. Right-click on the user object and reset its password to what you want.

Cheers!
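
For anyone auditing this kind of change, here is an added example (not part of the original post, and not Specops code) that flags the delete-then-reset pattern from the steps above in directory audit events. It assumes events already normalized into dicts with the hypothetical fields `time`, `id`, `actor`, `object_dn` and `target_dn`, that the history leaf is named with `CN=`, and uses Windows event IDs 5141 (directory service object deleted) and 4724 (password reset attempt); all sample events are constructed.

```python
import re
from datetime import datetime

# Leaf name from the post; the "CN=" naming attribute is an assumption.
HISTORY_RDN = "cn=specops-spp-pwdhistory"
BASE = "OU=Staff,DC=example,DC=test"  # constructed domain

# Constructed, pre-normalized events (not real logs). Field names are assumed.
EVENTS = [
    {"time": "2012-11-02T10:00:05", "id": 5141, "actor": "adm.one",
     "object_dn": f"CN=Specops-Spp-pwdHistory,CN=Alice Smith,{BASE}"},
    {"time": "2012-11-02T10:00:40", "id": 4724, "actor": "adm.one",
     "target_dn": f"CN=Alice Smith,{BASE}"},
    {"time": "2012-11-02T10:01:10", "id": 5141, "actor": "adm.one",
     "object_dn": f"CN=Specops-Spp-pwdHistory,CN=Alice Smith,{BASE}"},
    {"time": "2012-11-02T10:01:30", "id": 4724, "actor": "adm.one",
     "target_dn": f"CN=Alice Smith,{BASE}"},
    {"time": "2012-11-02T11:00:00", "id": 5141, "actor": "adm.two",
     "object_dn": f"CN=Specops-Spp-pwdHistory,CN=Doe\\, Jane,{BASE}"},
    {"time": "2012-11-02T11:02:00", "id": 4724, "actor": "adm.two",
     "target_dn": f"CN=Doe\\, Jane,{BASE}"},
    {"time": "2012-11-02T12:00:00", "id": 4724, "actor": "helpdesk",
     "target_dn": f"CN=Bob Jones,{BASE}"},  # ordinary reset, no deletion
]

def parent_if_history(dn):
    """Return the lower-cased parent DN if dn is a history leaf, else None."""
    # Split on the first comma that is not escaped with a backslash.
    parts = re.split(r"(?<!\\),", dn.strip(), maxsplit=1)
    if len(parts) == 2 and parts[0].strip().lower() == HISTORY_RDN:
        return parts[1].strip().lower()
    return None

def find_history_wipes(events, window_s=600):
    """Count delete->reset pairs per (user DN, actor); 2 matches all 15 steps."""
    pending, pairs = {}, {}  # last unmatched deletion time / pair counts
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 5141:
            user = parent_if_history(ev["object_dn"])
            if user:
                pending[(user, ev["actor"].lower())] = when
        elif ev["id"] == 4724:
            key = (ev["target_dn"].strip().lower(), ev["actor"].lower())
            deleted = pending.pop(key, None)
            if deleted and (when - deleted).total_seconds() <= window_s:
                pairs[key] = pairs.get(key, 0) + 1
    return pairs

if __name__ == "__main__":
    print(find_history_wipes(EVENTS))
```

Event 5141 is only written when directory service change auditing is enabled and the deleted object is covered by a matching audit entry (SACL), so confirm that before relying on this check.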
