Fruitbat

Reputation: 43

Changing user's password from console application

I'm writing a small C# (.NET 4) application that will run as a replacement for the user's "Shell" when logging in to Windows Server 2012. Amongst other things, I'd like to offer the user the chance to change the password of their own local account.

Using the following code ..

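    // Needs: using System; using System.DirectoryServices;
    // (add a reference to the System.DirectoryServices assembly)
    DirectoryEntry directory = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
    DirectoryEntry userEntry = directory.Children.Find(username);
    // SetPassword takes only the new password (no old password is supplied)
    userEntry.Invoke("SetPassword", new object[] { newPassword });
    userEntry.CommitChanges();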

... works fine if the code is launched from an elevated command prompt. However, as the Shell replacement runs as a "normal" application, I get an

Access is denied

exception when the code runs, even if the user is set as a local administrator.

Is there any code or mechanisms I can use to programmatically set the user's own local account passwords without having to elevate? Or (and I'm aware this is maybe more a ServerFault question:) any way to run the "replacement shell" as an elevated process without having to disable UAC?

Upvotes: 0

Views: 1087

Answers (3)

Jester

Reputation: 3329

Add a Manifest to your Assembly to get past the UAC (User Account Control)

In VS2010 you can add the manifest file to your project. Right click your project file on the Solution Explorer, select Add, then New item. There you can find Application Manifest File.

Modify it so that you get one of the following:

  1. Normal
  2. Highest Available (Depending on the user permissions)
  3. Admin Rights

There are also 2 tools that came with VS2010 that you can use for that:

  1. MageUI.exe (Manifest Generation and Editing Tool, Graphical Client)
  2. Mage.exe (Manifest Generation and Editing Tool, Command Line)

Upvotes: 0

KenD

Reputation: 5328

It's a bit of a bodge, but have a look at this page (although it's from the Vista era it's still relevant).

The idea is you create a scheduled task with embedded credentials to run the application with sufficient credentials but don't actually schedule the task to run. You can then run it on-demand (e.g. during login) with:

\windows\system32\schtasks.exe /run /tn "task name"

As I say: a bodge, but it might be sufficient for your requirements - the program will run with administrator permissions without prompting for UAC.

EDIT: I've just tried this on Server 2012, and for some reason I can't get a test console app running interactively (i.e. so the user can see the program running). It might just be me, but it could be that behaviour has changed in Server 2012 and this trick might not be suitable for your needs if you need to interact with the user.

Upvotes: 1

prthrokz

Reputation: 1150

Change of user's password is a high-privilege operation as you would not want any malicious code wiping out your existing credentials without your knowledge. You can execute your program from command prompt by using
runas /user:<a-privileged-user> <your-program>.exe. It will of course prompt you to enter the privileged user's password.

Upvotes: 2
