Changing Passwords on the Command Line
In Mark Minasi's Windows Power Tools, "Rediscover Net User" (May 2006, InstantDoc ID 49704), Mark states that he doesn't know of a command-line tool that would do a password change. Let me point out that issuing the command
dsmod user /?
reveals, among other things, that you can reset a user's password with
dsmod user "CN=John Doe, CN=Users,DC=microsoft,DC=com" -pwd A1b2C3d4 -mustchpwd yes
To reset multiple user passwords to a common password and force the users to change their password the next time they log on, type in
dsmod user "CN=John Doe, CN=Users,DC=microsoft,DC=com" "CN=Jane Doe,CN=Users, DC=microsoft, DC=com" -pwd A1b2C3df -mustchpwd yes
You can locate the distinguishedName property and pipe it into dsmod user with dsquery user by typing
dsquery user -name "John Doe" | dsmod user -pwd A1b2C3d4 -mustchpwd yes
Unique Security Features Not So Unique
In Paul Thurrott's article "What You Need to Know About . . . Windows Vista x64 Versions' Unique Security Features" (August 2006, InstantDoc ID 50522), one of the feature's Paul mentions isn't unique to the 64-bit version of Vista and two aren't unique to Vista in general. Specifically, Address Space Layout Randomization (ASLR) is also present on 32-bit Vista. For more information, see Michael Howard's Web Log at http://blogs.msdn.com/Michael_howard/archive/2006/05/26/608315.aspx. Hardware data execution prevention (DEP) is also supported both on 32-bit and 64-bit Windows XP systems that have no-execute memory management support in the hardware and was first introduced in XP SP2. For more information, see the Microsoft article about DEP at http://support.microsoft.com/kb/875352. PatchGuard was introduced in Windows XP and Windows Server 2003 SP1 for x64 systems. For more information, see "Patching Policy for x64-Based Systems," at http://www.microsoft.com/whdc/driver/kernel/64bitpatching.mspx. In addition, the inclusion of digital signing for all kernel-mode code on Vista isn't for reliability but to require accountability for powerful, system-trusted code. No reliability test or oversight is required to sign a driver for 64-bit Vista; you simply need to obtain a signing certificate from one of several certificate authorities (see "Digital Signatures for Kernel Modules on x-64 Based Systems Running Windows Vista at http://www.microsoft.com/whdc/system/platform/-64bit/kmsigning.mspx for more information). The belief is that malware authors won't be able or willing to obtain signatures, and if they do, their code will be traceable.
Windows Live OneCare Antispyware?
In his article "Top 10: Windows Live OneCare" (June 2006, InstantDoc ID 50007), Michael Otey states that Windows Live OneCare doesn't include antispyware protection. I checked the link that Michael provides, http://www.windows onecare.com, and discovered that Microsoft is passing off OneCare as containing antispyware protection. That information is deceiving because if you read further on the Microsoft site, the statement is made that OneCare integrates Windows Defender. You have to read the fine print. Thank you for Michael's review of OneCare. It is helpful.