Change Password from Kiosk PC?

[Anonymous]

Environment here:
XP Pros w/NT 4.0 Domain. A lot of public PCs auto-logged
in as a generic account.

Need to:
Allow users to change their individual domain accounts
from public PCs

Problem:
Unless you are a Domain Admin, you can't change any other
user's password other than the one you're currently logged
in as EVEN IF you have the correct current password and
you change the user to the desired user name (accessing
Change Password from the CTRL/ALT/DEL window).

Any idea how I can allow this?

Thanks!!!!

Mike

 

[Chris Holden]

Environment here:
XP Pros w/NT 4.0 Domain. A lot of public PCs auto-logged
in as a generic account.

Need to:
Allow users to change their individual domain accounts
from public PCs

Problem:
Unless you are a Domain Admin, you can't change any other
user's password other than the one you're currently logged
in as EVEN IF you have the correct current password and
you change the user to the desired user name (accessing
Change Password from the CTRL/ALT/DEL window).

Any idea how I can allow this?

Thanks!!!!

Mike

Of course you cannot change another user's password unless you are a domain
admin!
That's kind of the point...
If what you want is to change the password of the logged in user (a
different kettle of fish) you need to ensure that the domain user account
allows the user to change passwords (on the NT server> Start> Administrative
tools Common> User Manager for Domains... Of course unless youare a domain
admin you cannot do this.
Chris

 

[Mike]

-----Original Message-----
Of course you cannot change another user's password unless you are a domain
admin!

Yeah, but the fact there's a space in there to put in your
existing password IS verification in itself that you are
THAT user. Domain Admin or not. I understand why it
works as it does, it's more secure. But the fact remains -
I have roaming users and a majority of the workstations
are public - and those roaming users need to be able to
change their passwords. I need to allow them from those
Kiosk machines to validate themselves (ie. "current
password:") and let them make the change.

This is no different than an ATM. I don't need to be a
Bank Manager to use an ATM, right?

Even a third party app I guess would suffice, an interface
they could bring up to manage their domain passwords.

Thanks,

Mike

 

[Chris Holden]

Yeah, but the fact there's a space in there to put in your
existing password IS verification in itself that you are
THAT user. Domain Admin or not. I understand why it
works as it does, it's more secure. But the fact remains -
I have roaming users and a majority of the workstations
are public - and those roaming users need to be able to
change their passwords. I need to allow them from those
Kiosk machines to validate themselves (ie. "current
password:") and let them make the change.

This is no different than an ATM. I don't need to be a
Bank Manager to use an ATM, right?

Even a third party app I guess would suffice, an interface
they could bring up to manage their domain passwords.

Thanks,

Mike

If the user can log in at the kiosk and they have the necessary permission
to change their own password, they will be able to do so, but they must log
in to authenticate themselves to the domain.
But of course you are saying that the kiosk machines stay logged in as say a
'guest' or some other account all the time? If that's the case what you want
is not an option. If you have a terminal server and enough licenses for it,
it should be possible for the users to log in to the domain via a terminal
(from the kiosk) and thus change their password, but on plain NT4 it's not
an option.
Chris

 

[Mike]

-----Original Message-----



If the user can log in at the kiosk and they have the necessary permission
to change their own password, they will be able to do so, but they must log
in to authenticate themselves to the domain.
But of course you are saying that the kiosk machines stay logged in as say a
'guest' or some other account all the time? If that's the case what you want
is not an option. If you have a terminal server and enough licenses for it,
it should be possible for the users to log in to the domain via a terminal
(from the kiosk) and thus change their password, but on plain NT4 it's not
an option.
Chris

Yep, that's how it is - logged in as a guest type account
with the Log Off option restricted, because the
profiles/programs do not work with just any user logged
in, and we don't want people logging in as themselves and
disabling the computer, then walking away - hosing it for
the rest of the people.

You say "with plain NT4" though - what options will AD
bring to this - any? We are converting to AD here in the
next couple of weeks, and was wondering if that would give
us more options - ??

Thanks for your comments Chris.

Mike

 

[Chris Holden]

SNIP

Yep, that's how it is - logged in as a guest type account
with the Log Off option restricted, because the
profiles/programs do not work with just any user logged
in, and we don't want people logging in as themselves and
disabling the computer, then walking away - hosing it for
the rest of the people.

You say "with plain NT4" though - what options will AD
bring to this - any? We are converting to AD here in the
next couple of weeks, and was wondering if that would give
us more options - ??

Thanks for your comments Chris.

Mike

Sorry, I can't think of a way to do it. If it could be done it would be a
security risk if it could be done from a guest account.
Chris