Partager via


3.2.5.14 NetUserPasswordSet2 Command

The Remote Administration Protocol server MUST process the NetUserPasswordSet2Request as follows:

  1. The server MUST validate that the incoming ParamDesc field of the Remote Administration Protocol request contains the ASCII string "zb16b16WW"; if it does not, the server SHOULD format a Remote Administration Protocol response with the Win32ErrorCode set to ERROR_INVALID_PARAMETER (0x0057), and then return the response to the client.<85>

  2. If the input EncryptedPassword parameter is not 0x0000, the Remote Administration Protocol server SHOULD set the Win32ErrorCode value in the Remote Administration Protocol response message to ERROR_INVALID_PARAMETER (0x0057).<86>

  3. The server MUST verify that the old password matches User.Password. If it does not, the server MUST fail the request by creating a Remote Administration Protocol response message with the Win32ErrorCode set to ERROR_ACCESS_DENIED.

  4. The server MUST attempt to change the password for the specified user. This operation SHOULD be executed using the Security Account Manager (SAM) Remote Protocol [MS-SAMR] as follows:

    • The server MUST issue a SamrConnect request as specified in [MS-SAMR] section 3.1.5.1.4, with the following parameters:

      Parameter

      Value

      ServerName

      The name of the local machine

      DesiredAccess

      0x31

    • If this call succeeds, the server MUST issue a SamrLookupDomainInSamServer request as specified in [MS-SAMR] section 3.1.5.11.1, with the following parameters:

      Parameter

      Value

      ServerHandle

      ServerHandle returned from SamrConnect request

      Name

      The name of the local machine

    • If this call succeeds, the server MUST issue a SamrOpenDomain request as specified in [MS-SAMR] section 3.1.5.1.5, with the following parameters:

      Parameter

      Value

      ServerHandle

      ServerHandle returned from SamrConnect request

      DesiredAccess

      0x200

      DomainId

      DomainId returned from SamrLookupDomainInSamServer request

    • If this call succeeds, the server MUST issue a SamrLookupNamesInDomain as specified in [MS-SAMR] section 3.1.5.11.2, with the following parameters:

      Parameter

      Value

      DomainHandle

      DomainHandle returned from SamrOpenDomain request

      Count

      1

      Names

      NetUserGetInfoRequest.UserName

    • If this call succeeds, the server MUST issue a SamrOpenUser request as specified in [MS-SAMR] section 3.1.5.1.9, with the following parameters:

      Parameter

      Value

      DomainHandle

      DomainHandle returned from SamrOpenDomain request

      DesiredAccess

      0x0040

      UserId

      RID returned from SamrLookupNamesInDomain request

    • If this call succeeds, the server MUST issue a SamrChangePasswordUser request as specified in [MS-SAMR] section 3.1.5.10.1, with the following parameters:

      Parameter

      Value

      UserHandle

      UserHandle returned from SamrOpenUser

      LmPresent

      TRUE

      OldLmEncryptedWithNewLm

      ENCRYPTED_LM_OWF_PASSWORD as specified in [MS-SAMR] section 2.2.7.3, calculated by taking a hash of OldPassword received in the NetUserPasswordSet2Request request, using the hashing algorithm specified in [MS-SAMR] section 2.2.11.1.1 using OldPassword as a 16-byte key

      NewLmEncryptedWithOldLm

      ENCRYPTED_LM_OWF_PASSWORD as specified in [MS-SAMR] section 2.2.7.3, calculated by taking a hash of NewPassword received in the NetUserPasswordSet2Request request, using the hashing algorithm specified in [MS-SAMR] section 2.2.11.1.1 using NewPassword as a 16-byte key

      NtPresent

      FALSE

      OldNtEncryptedWithNewNt

      NULL

      NewNtEncryptedWithOldNt

      NULL

      NtCrossEncryptionPresent

      FALSE

      NewNtEncryptedWithNewLm

      NULL

      LmCrossEncryptionPresent

      FALSE

      NewLmEncryptedWithNewNt

      NULL

  5. If any other errors occur during the response processing, the Remote Administration Protocol server MUST fill in the Win32ErrorCode value in the Remote Administration Protocol response message with the Win32 error code corresponding to the error. Otherwise, the Remote Administration Protocol server MUST set Win32ErrorCode to ERROR_SUCCESS (0X0000).