Skip navigation

Letters to the Editor - 26 Sep 2006

Changing Passwords on the Command Line
In Mark Minasi's Windows Power Tools, "Rediscover Net User" (May 2006, InstantDoc ID 49704), Mark states that he doesn't know of a command-line tool that would do a password change. Let me point out that issuing the command

dsmod user /? 

reveals, among other things, that you can reset a user's password with

dsmod user "CN=John Doe, 
 -pwd A1b2C3d4 -mustchpwd yes

To reset multiple user passwords to a common password and force the users to change their password the next time they log on, type in

dsmod user "CN=John Doe, 
 "CN=Jane Doe,CN=Users,
 DC=microsoft, DC=com"
 -pwd A1b2C3df -mustchpwd yes 

You can locate the distinguishedName property and pipe it into dsmod user with dsquery user by typing

dsquery user -name "John Doe"
 | dsmod user -pwd A1b2C3d4 -mustchpwd yes 

-Gary MacDonald

Unique Security Features Not So Unique
In Paul Thurrott's article "What You Need to Know About . . . Windows Vista x64 Versions' Unique Security Features" (August 2006, InstantDoc ID 50522), one of the feature's Paul mentions isn't unique to the 64-bit version of Vista and two aren't unique to Vista in general. Specifically, Address Space Layout Randomization (ASLR) is also present on 32-bit Vista. For more information, see Michael Howard's Web Log at Hardware data execution prevention (DEP) is also supported both on 32-bit and 64-bit Windows XP systems that have no-execute memory management support in the hardware and was first introduced in XP SP2. For more information, see the Microsoft article about DEP at PatchGuard was introduced in Windows XP and Windows Server 2003 SP1 for x64 systems. For more information, see "Patching Policy for x64-Based Systems," at In addition, the inclusion of digital signing for all kernel-mode code on Vista isn't for reliability but to require accountability for powerful, system-trusted code. No reliability test or oversight is required to sign a driver for 64-bit Vista; you simply need to obtain a signing certificate from one of several certificate authorities (see "Digital Signatures for Kernel Modules on x-64 Based Systems Running Windows Vista at for more information). The belief is that malware authors won't be able or willing to obtain signatures, and if they do, their code will be traceable.
-Mark Russinovich

See Associated Figure

Windows Live OneCare Antispyware?
In his article "Top 10: Windows Live OneCare" (June 2006, InstantDoc ID 50007), Michael Otey states that Windows Live OneCare doesn't include antispyware protection. I checked the link that Michael provides,, and discovered that Microsoft is passing off OneCare as containing antispyware protection. That information is deceiving because if you read further on the Microsoft site, the statement is made that OneCare integrates Windows Defender. You have to read the fine print. Thank you for Michael's review of OneCare. It is helpful.
-Karl Swenson

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.