Archive
Reset a Linux password from a live CD
Usually any Linux live CD will work. In my case since the installed version of Linux is Mint, I’m just booting to the Mint installation DVD which will by default launch a live session.
- Boot to live CD.
- Open terminal.
- Find the drive with OS installed. (It’s usually /dev/sda1)
sudo fdisk –l
- Create a temporary directory. It’s only virtual since the live CD runs in memory.
sudo mkdir /mnt/sda1
- Mount the OS drive to the virtual directory.
sudo mount /dev/sda1 /mnt/sda1
- Change the terminal root to the mounted drive.
sudo chroot /mnt/sda1
- Change the password.
passwd john
- Type the new password twice.
- Exit chroot.
exit
- Unmount the drive.
sudo umount /mnt/sda1
- Remove Live CD & reboot.
Users not receiving email about an expiring password
WARNING – This post deals with making bulk changes to Active Directory. Proceed at your own risk.
I’ve been using the script (with a few tweaks) from http://rlmueller.net/PasswordExpires.htm to send users an email notification when they are within the configured Prompt user to change password before expiration policy. It works great but every once in a while a user would call because their password had expired & they did not receive the email. Over time occasionally that same user or a few other ones would call with the same issue.
Finally, one day another user called describing the same thing. Time to get to bottom of this one. I took a look at the user’s Active Directory account & sure enough the pwdLastSet attribute was over 90 days old. I took my script & modified it so I could just see the results without sending any emails. Your results with the original script may vary but at a minimum comment out the line that sends the email & instead pipe the output to the console.
# SendEmail $Mail $Notice
Write-Host $Name”,”$PwdExpiresDays
Sure enough when I ran it the user reporting the issue was not showing up in the results.
The script filters the results a little as noted below.
$Searcher.Filter = “(&(objectCategory=person)(objectClass=user)” `
+ “(pwdLastSet>=” + $($64Bit1) + “)” `
+ “(pwdLastSet<=” + $($64Bit2) + “)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=2)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=65536)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=32)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=48))”
So I modified the filter (see below) to just show all users & ran it again. This time the user having the issue showed up.
$Searcher.Filter = “(&(objectCategory=person)(objectClass=user))”
So at least now I know the script is working but for some reason the user is being filtered out. I add each filter back one at a time to figure out which one is causing the user to be excluded. I skip over the two pwdLastSet filters because the account is already at 0 so that could cause it to not show up. So now my filter looks like this:
$Searcher.Filter = “(&(objectCategory=person)(objectClass=user)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=2))”
The user still shows up. On to the next one.
$Searcher.Filter = “(&(objectCategory=person)(objectClass=user)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=2)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=65536))”
Still there…next.
$Searcher.Filter = “(&(objectCategory=person)(objectClass=user)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=2)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=65536)” `
+ “(!userAccountControl:1.2.840.113556.1.4.803:=32))”
Bingo! The user isn’t showing up. So I do a little checking & find that !userAccountControl:1.2.840.113556.1.4.803:=32 will exclude users that aren’t required to have a password. Huh? Now why would any of my user accounts be configured to NOT require a password? So that begs the question, how many users are configured like this? I run the following Powershell command. The results will vary depending on your environment but suffice to say you do not want a lot. (Hint hint some may legitimately need to be configured like this.)
Get-ADuser -LDAPFilter “(userAccountControl:1.2.840.113556.1.4.803:=32)” | Select-Object name
You can even see this by looking at the userAccountControl attribute in AD & see that it is set to PASSWD_NOTREQD | NORMAL_ACCOUNT.
In all my years I’ve never seen this before so I did a little digging & ran across this TechNet post.
Long story short, a long time ago when “someone” migrated user accounts they may have done it wrong.
But enough pointing fingers, how to fix it. Use the Set-ADUser command to set the user’s PasswordNotRequired flag to $false.
Set-ADUser -Identity jsmith -PasswordNotRequired $false
I’ll leave it up to you how you want to modify all the affected users. Just be careful as there may be a legitimate account that needs this setting. Again, proceed at your own risk. I just filtered based on OU.
Get-ADuser -LDAPFilter “(userAccountControl:1.2.840.113556.1.4.803:=32)” -SearchScope Subtree -SearchBase “OU=Company,DC=contoso,DC=com” | Set-ADUser -PasswordNotRequired $false
Reset Password on Canon iR3230
- Press Additional Functions.
- Press 2 & 8 at the same time.
- Press Additional Functions.
- Press Copier.
- Press Function.
- Press Clear.
- Press PWD-CLR.
- Press OK.
Linksys WAP54G
Default IP is 192.168.1.245/24.
Default username is blank.
Default password is admin.
How to Reset a Forgotten BlackBerry Administration Service Password
- Open SQL Server Management Studio Express.
- Navigate to the BESMgmt database.
- Navigate to the dbo.BASUsers table.
- Right click dbo.BASUsers & select Open Table.
- Find the row with System Administrator as the DisplayName.
- Copy the current contents on the LoginPassword field to a temporary location.
- Paste -68c35389cf7c4cc4207a6df87216de44 into the LoginPassword field.
- Close the table.
- Now login to the BAS website using P@ssw0rd as the password.
- Click Manage Users.
- Click Search to return all users.
- Click System Administrator.
- Click Edit user.
- Click on the wrench to the right of the password.
- Type the new password twice then click the green check mark.
- Click Save All.
Visitors
Patrick's Blog 