3

I'm writing a C++ program to manage user accounts on Windows 7.

I would like to set the password for an existing user account.

I cannot use NetUserChangePassword (Netapi32.dll) since I don't record previous password that I set when creating the user.

So, the program must be able to just set a new password (without knowing the old password).

Is there a way to do that programmatically in c++?

Thank you for your help.

daryal
  • 14,643
  • 4
  • 38
  • 54
user1958176
  • 41
  • 1
  • 4
  • 6
    Yes this security hole was specially inserted into Windows to allow for this use case . – RedX Jan 08 '13 at 13:07
  • 1
    Well, even though I love sarcasm, on Linux, the root user can change any password without knowing the old one ;). Maybe there's something similar in Windows. – mfontanini Jan 08 '13 at 13:08
  • Take a look at [NetUserSetInfo](http://msdn.microsoft.com/en-us/library/windows/desktop/aa370659\(v=vs.85\).aspx) – Dustin Kingen Jan 08 '13 at 13:09
  • Any administrator account can do this on windows as well... I don't think it unreasonable to ask for a programatic way. – Jens Jan 08 '13 at 13:10
  • @mfontanini A win7 administrator can change another user's password but doing it without the original password can wreak havoc on the account (previously EFS encrypted files are no longer accessible to the user, personal certificates are trashed, and stored passwords are erased). – J... Jan 08 '13 at 13:11
  • It sounded like he was trying to do it with a regular user user account without special permissions. – RedX Jan 08 '13 at 13:14

1 Answers1

5

Call NetUserSetInfo with the level parameter set to 1003.

Jens
  • 25,229
  • 9
  • 75
  • 117
Rob Kennedy
  • 161,384
  • 21
  • 275
  • 467
  • 3
    I think it should be stressed that calling `NetUserSetInfo` without supplying the original password will make that user's EFS encrypted files (if they have any) inacessible. The only way to avoid this is to have previously backed up the EFS certificate or to reinstate the old password by the same method. For a lot of users EFS is not a concern, but for those who use it it can be a real headache. – J... Jan 08 '13 at 13:23