On Jul 17, 1:57*pm, Shlom <devsh...@gmail.com> wrote:
> Hi,
> I have user Target and Changer on domain (one of the following
> servers: 2000,2003 and 2008)
> In my program (C/C++), I perform a logon via the function
> 'WNetAddConnection2' with *user Changer user and then I call
> 'NetUserChangePassword' with the Target user...
> This works fine, BUT:
> I want to know how is it possible that even a limited user can do such
> an operation (logon via 'WNetAddConnection2' and then change pass with
> 'NetUserChangePassword' for the target user)
> In the MSDN it clearly says:
> "The default ACL permits only Domain Admins and Account Operators to
> call this function. On a member server or workstation, only
> Administrators and Power Users can call this function."
> => how a limited user make this operation succeeded?
>
> Pls let me know what you think.
I using a limited user.
but now I have a bigger issue - pls note:
In the MSDN for NetUserChangePassword there is a note:
"Windows NT: A server or domain can be configured to require a user
to log on before changing the password on a user account. In that
case, only members of the Administrators or Account Operators local
group or the user can change the password for a user account. If logon
is not required, a user can change the password for any user account,
as long as the user knows the current password."
This is the exact scenario I'm having.
I just want to know, why the MSDN specifies only win NT? Is it
possible that this is the behavior for other OS? where can I find a
documentation for that?
tx
|
Similar Threads
Linear Mode
