SHIPS icon indicating copy to clipboard operation
SHIPS copied to clipboard

Published 20 hours ago verified publisher icon trustedsec

Local administrator password couldn't be changed

Open amencheng opened this issue 9 years ago • 0 comments
trafficstars

I configured my system but the password of a PC's local administrator wasn't changed. My configuration as below:

**On SHIPS server:*

  • I modify the /opt/SHIPS-master/etc/conf as below:

    _app: syslog: true sessionTimeout: 300 foreground: true superUserIdent: root superUserIdent: IdentSQLite

    superUserIdent: IdentLDAP

    superUserToken: "1"

    ACLAuthorsIdent: IdentLDAP

    ACLAuthorsIdent: IdentSQLite

    ACLAuthorsToken: S-1-5-21-3882956444-149478881-1526783422-2116

    ACLAuthorsToken: "1" defaultLoginIdent: IdentLDAP allowedLoginIdents:

    • IdentSQLite
    • IdentLDAP

devices: length: 8 age: 1

identityOptions:

exampleOption: exampleValue

identLDAP_host: <LDAP_server_IP> identLDAP_port: 389

identLDAP_encryption: simple_tls

identLDAP_user_base: dc=abc,dc=com identLDAP_group_base: ou=<OU_1_name>,ou=<OU_2_name>,dc=abc,dc=com identLDAP_name_attribute: sAMAccountName identLDAP_group_class: group identLDAP_user_class: user identLDAP_token_attribute: objectSid identLDAP_group_attribute: memberOf identLDAP_user_attribute: "member:1.2.840.113556.1.4.1941:" identLDAP_group_required: ou=<OU_name>,dc=abc,dc=com identLDAP_username: uid=<LDAP_user_name>,ou=<OU_name>,dc=abc,dc=com
identLDAP_password: <LDAP_user_name_password> identDevice_default_folder: 2 identDevice_validators:_

  • I create ACL for group "SHIPS Users" with read & write permissions
  • I create a new folder named 'Devices" and add the ACL above to it
  • I create a new document inside folder 'Devices' and input the information of the PC I want to change password. Information as below:
    • Name: the_PC_name
    • ACL: ACL created above
    • Tick on the checkboxes "Secure Document Storage" and "Device that will rotate passwords"
    • Expiration time: 1 day
    • User name: the PC's local administrator
    • URL: the_PC_IP_address
    • Password: the PC's local administrator current password

**On the PC:*

  • I copy the SetAdminPass.vbs to location: C:\password and modify it to following: QUERYSTRING = "https://SHIPS_server_IP/password?" 'secure=secure&folder=2& HISTORYFILE = "C:\password\password_history.txt"
  • I set a schedule to run this script file hourly

However, with all above configurations, the password of that PC's local administrator hasn't been changed. Could you please help me on this?

Thanks in advance! Best regards,

amencheng avatar Aug 22 '16 05:08 amencheng