
Is there a script or software that would change a user password on a server each day and mail the new password to an email address?

We want to give people limited access to our server but if they are no longer around we don't want them to have access any more (hence the daily password reset).

edit: It is an externally hosted web server (i.e. not hosted on our network) and we are not using Active Directory.

  • Are you using AD? If so, this would be pretty easy, but we need more detail. Other than that, this is a very shitty policy. Are you sure you want this? – Bart De Vos Aug 03 '12 at 18:11
  • @BartDeVos actually, it would be fairly trivial without AD too, but like you said, it's a pretty shitty policy. Like swatting a fly with a monitor. You can do it without much trouble, but... that doesn't make it a good idea. – HopelessN00b Aug 04 '12 at 00:07
  • The server is used to host websites and we use remote desktop to deploy database changes, update files, restart services, etc. When a developer needs to do a deployment an administrator logs them in. Unfortunately this means that if an administrator is not around then a deployment can't happen. We are developers, not server admins so we don't have the time or skill to set up complicated deployment procedures. I'm open to other suggestions considering the 'shitty policy' comments. – William Hurst Aug 04 '12 at 08:23
  • Email isn't any kind of private medium. The comparison to a traditional mail service is all well and good but emails are *postcards*, not private and sealed letters. As such, emailing passwords is dreadfully insecure. You should look for inspiration to the services that don't email passwords but instead email a link to the user allowing them to reset their password. – Rob Moir Aug 04 '12 at 08:41

1 Answer

Assuming you have all of the possible passwords in a plaintext list, since you don't care about security anyway, it seems. Drop this into Task Scheduler and set it for daily:

# Pick one password at random from the plaintext list
$passw = Get-Content C:\password_list.txt | Get-Random -Count 1
# Set it on the local account through the WinNT ADSI provider
([adsi]"WinNT://<your local computer name here>/AccountName").SetPassword("$passw")

# Mail the new password, in plaintext, to the recipient
$smtpServer = "yourmailserver.com"
$msg = New-Object Net.Mail.MailMessage
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
$msg.From = "you@yourdomain.com"
$msg.To.Add("recipient@xxxx.com")
$msg.Subject = "Here is your plaintext insecure password"
$msg.Body = "Username - $passw"
$smtp.Send($msg)

Now, for the love of everything that you hold dear, DON'T USE THIS!

It's no replacement for proper system management. Everyone that needs privileged access to your servers should have their own account on it, so that they can leave an audit trail behind. Once that person leaves your company, all accounts for that person should be turned off. If you have an Active Directory, that becomes dead simple. If you don't, it becomes a hassle, but a necessary one.

It's bad enough that you want people to share passwords, but it's really bad that you want them emailed in plaintext.

MDMarra
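The per-person accounts this answer recommends, as an added example that is not part of the original answer: a script that reconciles local accounts on a standalone server against a roster file, creating an account for each listed developer and disabling accounts of people no longer listed. It assumes Windows PowerShell 5.1 or later (the LocalAccounts module); the roster path and the description marker are hypothetical names chosen for illustration.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$RosterPath = 'C:\admin\deploy-roster.txt',  # hypothetical path, one account name per line
    [string]$Group      = 'Remote Desktop Users'
)
$marker = 'managed-by-deploy-roster'   # hypothetical tag; only accounts carrying it are ever disabled

# Current roster: trimmed, blank lines ignored.
$roster = @(Get-Content -Path $RosterPath | ForEach-Object { $_.Trim() } | Where-Object { $_ })

# Onboard: every name on the roster gets its own enabled account in the group.
foreach ($name in $roster) {
    $user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
    if (-not $user) {
        # The admin types the initial password and hands it over directly; nothing is mailed.
        $pw   = Read-Host -AsSecureString -Prompt "Initial password for $name"
        $user = New-LocalUser -Name $name -Password $pw -Description $marker
    }
    elseif ($user.Description -eq $marker -and -not $user.Enabled) {
        # Returning developer: re-enable the same account so the audit identity stays the same.
        Enable-LocalUser -SID $user.SID
    }
    # $user is empty when run with -WhatIf, so skip the group step in that case.
    if ($user -and -not (Get-LocalGroupMember -Group $Group -Member $name -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group $Group -Member $name
    }
}

# Offboard: disable (do not delete) managed accounts that are no longer on the roster,
# so their SIDs still resolve to a name in the Security event log.
Get-LocalUser |
    Where-Object { $_.Description -eq $marker -and $_.Enabled -and $_.Name -notin $roster } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.Name, 'Disable local account')) {
            Disable-LocalUser -SID $_.SID
            Write-Output "Disabled $($_.Name) (last logon: $($_.LastLogon))"
        }
    }
```

Running it with `-WhatIf` lists the accounts it would create or disable without changing anything.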