这个怎么运作 (How it works)
A token is generated for a supplied account with the desired password.
使用所需的密码为提供的帐户生成令牌。
Example of a token: k8vVeIYZeI+6rkvlvw8eLOEnHK2yTcBfHQP4UEZrCgigcagy7+qt969LISkmHH/7CS5KfVWLEZh8cZMzCkVYGw==
令牌示例: k8vVeIYZeI + 6rkvlvw8eLOEnHK2yTcBfHQP4UEZrCgigcagy7 + qt969LISkmHH / 7CS5KfVWLEZh8cZMzCkVYGw ==
This token (an AES-256 encrypted version of the username and the password) is passed to the SecurelySetPassword tool which is executed at start-up via an Active Directory Group Policy.
该令牌(用户名和密码的AES-256加密版本)被传递到SecurelySetPassword工具,该工具在启动时通过Active Directory组策略执行。
The token is decrypted and used to set the password for the specified account to the desired password.
令牌被解密,并用于将指定帐户的密码设置为所需的密码。
步骤1:下载 (Step 1: Download)
Download SecurelySetPassword tool
第2步:创建和测试令牌 (Step 2: Create and Test Token)
1) Run SecurelySetPassword.exe USERNAME PASSWORD (Note how the generated token is different on each run, this is because the value is salted for added security)
1)运行SecurelySetPassword.exe用户名密码 (请注意,每次运行生成的令牌是不同的,这是因为为提高安全性而对值进行了盐化处理)
2) Copy token. It will be used in the implementation steps
2)复制令牌。 将在实施步骤中使用
3) To test the token, run SecurelySetPassword.exe TOKEN (Note for a successful test the user needs to exist)
3)要测试令牌,请运行SecurelySetPassword.exe TOKEN (要成功进行测试,请注意用户必须存在)
步骤3:将SecurelySetPassword.exe复制到网络共享 (Step 3: Copy SecurelySetPassword.exe to a network share)
Copy SecurelySetPassword.exe to a network share accessible by all users (such as NETLOGON share)
将SecurelySetPassword.exe复制到所有用户都可以访问的网络共享(例如NETLOGON共享)
步骤4:实施Active Directory组策略 (Step 4: Implement Active Directory Group Policy)
1) Start Microsoft Group Policy Management Console (GPMC.msc)
1)启动Microsoft组策略管理控制台( GPMC.msc )
2) Create and link a new Group Policy with the desired scope
2)创建并链接具有所需范围的新组策略
3) Browse to Computer Configuration > Preferences > Windows Settings > Files and add a new file object
3)浏览到“ 计算机配置”>“首选项”>“ Windows设置”>“文件”,然后添加一个新的文件对象
4) Set the Source files(s) path to the location of SecurelySetPassword.exe (\\ittelligence.com\NETLOGON\Software\SecurelySetPassword\SecurelySetPassword.exe in my case)
4)将源文件路径设置为SecurelySetPassword.exe的位置(在我的情况下为\\ ittelligence.com \ NETLOGON \ Software \ SecurelySetPassword \ SecurelySetPassword.exe )
5) Set the Destination file to %CommonAppdataDir%\SecurelySetPassword\SecurelySetPassword.exe
5)将目标文件设置为%CommonAppdataDir%\ SecurelySetPassword \ SecurelySetPassword.exe
6) Browse to Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks and add a new scheduled task object
6)浏览到“ 计算机配置”>“首选项”>“控制面板设置”>“计划任务”,然后添加新的计划任务对象
7) On the Triggers tab create new trigger and set to At startup
7)在“ 触发器”选项卡上,创建新触发器,并将其设置为“ 启动时”
8) On the Actions tab create a Start a program action to %CommonAppdataDir%\SecurelySetPassword\SecurelySetPassword.exe with token as argument
8)在“ 操作”选项卡上, 以令牌作为参数,对%CommonAppdataDir%\ SecurelySetPassword \ SecurelySetPassword.exe创建一个启动程序操作。
I hope you found this tutorial useful. You are encouraged to ask questions, report any bugs or make any other comments about it below.
希望本教程对您有所帮助。 鼓励您在下面提出问题,报告任何错误或对此作出任何其他评论。
Please do not forget to press the "Thumb's Up" button if you think this article was helpful and valuable for EE members.
如果您认为本文对EE成员有用且有价值,请不要忘记按“ Thumb's Up”按钮。
It also provides me with positive feedback. Thank you!
它还为我提供了积极的反馈。 谢谢!
260
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
