3.1.5.13.6 SamrSetDSRMPassword (Opnum 66)
The SamrSetDSRMPassword method sets a local recovery password.
-
long SamrSetDSRMPassword( [in] handle_t BindingHandle, [in, unique] PRPC_UNICODE_STRING Unused, [in] unsigned long UserId, [in, unique] PENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword );
BindingHandle: An RPC binding handle parameter, as specified in [C706] section 1.
Unused: A string value. This value is not used in the protocol and is ignored by the server.
UserId: A RID of a user account. See the message processing later in this section for details on restrictions on this value.
EncryptedNtOwfPassword: The NT hash of the new password (as presented by the client) encrypted according to the specification of ENCRYPTED_NT_OWF_PASSWORD, where the key is the UserId.
Upon receiving this message, the server MUST process the data from the message subject to the following constraints:
The client MUST be a member of the Administrators alias, which is an alias object with the security identifier (SID) S-1-5-32-544.
On a non-DC configuration, the server MUST return an error code.
The server MAY<70> enforce parameter checks on the UserId parameter.
The server MAY<71> decrypt EncryptedNtOwfPassword using UserId as a key and use the result to store the password of a local recovery account.