葡京网投哪个正规 > 联系我们 > 更改客户端administrator密码的几种方法

原标题:更改客户端administrator密码的几种方法

浏览次数:80 时间:2019-11-30

总结和测试了以下几种方法,都是利用微软自己的东西,第一种方法比较适合小环境下使用,第二和第三个方法比较适合有域的环境下使用

  一,How to Use the Cusrmgr.exe Tool to Change Administrator Account Password on Multiple Computers

The default Mac OS X installation has the Unix "root" account disabled. This is generally a good thing, because the casual user does not need all the powers granted to this "superuser" account. But it can be useful to be able to become "root" to fix something. You can follow the instructions below to enable the "root" account, which will make it easier for the "root" user to get a command shell prompt.

  The following .bat file will change the local administrator password to newpass on the pc1, pc2, and pc3 computers:
  cusrmgr.exe -u Administrator -m pc1 -P newpass
  cusrmgr.exe -u Administrator -m pc2 -P newpass
  cusrmgr.exe -u Administrator -m pc3 -P newpass
  To run this .bat file successfully, the user must have administrative privileges on pc1, pc2, and pc3. Also, note that you must use a capital P for the -P switch, because a lowercase p sets the account password to a random string.
  How to Rename the Local Administrator Account and Change the Password
  NOTE: In the following example, the .bat file is named Example2.bat.

You can also use these instructions to remove a root password that you have forgotten, or to reset any user password.

  The following .bat file will rename the local administrator account on pc1 to pc1admin and change the password to a random string.
  cusrmgr.exe -u Administrator -m pc1 -r pc1admin -p
  To run this .bat file successfully, the user must have administrative privileges on pc1. The .bat file will rename the user account, and then change its password.

Making changes like this to the system requires administrative privileges. You will need to know the password for the "Admin" account on your machine. If you do not have that then the only way to get administrative access to the machine is to reboot from an Installation CD and find the menu item for "Password Reset".

  这个命令不太适合域环境下大批量用户使用,使用这个命令的时候,一定要注意P这个参数大小写的区别

Whenever you use the "root" or "Admin" accounts it is a good idea to follow the Principle of Least Privilege. You should only take on the extra privileges to do a particular job, and then release those privileges when you are done. (Your normal, every day user account should not have administrative privileges!)

  二,组策略中启动脚本
  在启动脚本里面可以调用一个BAT文件,BAT文件内容可以如下:net user administrator test

If you just want to perform occasional system administration tasks then you don't really need to enable the "root" account. You can log in as the "Admin" user, open the Terminal application, and give any single command prefixed by thesudo command. Examples of this are shown below.

  这个script脚本默认是隐藏起来的,存放在C:windowssystem32GroupPolicyMachineScriptsStartup下(由于条件受限,我都是在自己的机器上测试,同样适用于域环境)

Since this page first started I have become aware of three different ways to enable the root account. The original way I published is the "detailed" method using NetInfo Manager. It is the same way you would reset any user's password on a NeXT computer (and now Mac OS X as well). There is also a much quicker way to enable the root account using a menu item in NetInfo Manager. (However, NetInfo is not included in MacOS&Nbsp;X 10.6 (Snow Leopard)) Or you can open a command shell in the Terminal application and use the sudo command. Pick the one that works best for you:

  缺点就是用户可以看到这个隐藏的文件,在高安全的环境下可能有点欠缺

[Quick Menu Method] [Quick CLI Method] [Detailed Method]

  三,组策略-管理模板-系统-登陆-“在用户登陆时运行这些程序”

After you have enabled the root account, there are three different ways that you can become "root" to perform system administration tasks.

  显示-添加命令即可

On Becoming root

Whenever you use the "root" or "Admin" accounts it is a good idea to follow the Principle of Least Privilege. You should only take on the extra privileges to do a particular job, and then release those privileges (i.e. go back to using your normal user account).

The sudo command is a good way to do this, because it runs only one command as the "superuser" at a time. For example

% sudo cat /etc/sudoers

will show the contents of the sudoers file, which controls who is allowed to use the sudo command. You will have to give your password for any "sudo" command to work, and your account must be listed in the sudoers file.

If you need to do something which requires more than a single command then you can open a command shell running as "root". You can still use the sudo command to do this. When logged in as the "Admin" user open the Terminal application and give the command

% sudo tcsh

This will spawn a new tcsh command shell running as "root". You can give as many commands as you need, and then type `exit` when you are done.

On MacOS X the "Admin" account is configured so that it is allowed to use the "sudo" command, so you can get by without enabling the "root" account.

The more traditional way to become "root" in Unix is the su command. This will work for the "Admin" user but will fail for a non-privileged user account because of another old Unix custom which is respected by Mac OS X: only members of the "wheel" group are allowed to su to root.

There are two ways around this. First of all, you can use NetInfo Manager (as described below) to add your user account to the "wheel" group. Follow the instructions below to run NetInfo Manager, but select the "groups" map instead of the "users" map. Find the "wheel" group, edit the "users" property, and add the name of your user account to the list.

But there is an easier way. Local users who are not in the "wheel" group cannot su to "root", but can still ssh to the "root" account. Give the command

% ssh root@localhost

and enter the "root" account password and you will have a root shell. Type `exit` when you are done.

Remember, as "root" you should do what needs to be done and then go back to being an unprivileged user.

 

Quick Menu Method, using NetInfo Manager or Directory Utility

This is the easiest method to enable the "root" account on a Mac if you are more of a GUI person. For older versions of Mac OS X you used NetInfo Manager, but for newer Mac's you use the Directory Utility. Either way, once you launch the utility, the proceedures are very similar.

...

NetInfo - (Mac OS X 10.4 or ealier)

If you have version 10.4 or realier then the proceedure is:

  1. Log in on the Admin account.

     

  2. Start the NetInfo Manager application, which is in the Application/Utilities folder:  Macintosh HD -> Applications -> Utilities -> NetInfo Manager.

    If you don't have this in the dock for the Admin account you should probably drag it there. It is very useful for system administration.

     

  3. From the top menu bar pull down the "Security" item and select "Enable root user". You will have to enter the administrator's password to authenticate yourself.

Directory Utility - (Mac OS X 10.4 or later)

For Mac OS X 10.5 and later you can use the Directory Utility instead of NetInfo. For just Mac OS X 10.5 you will find it in the Application/Utilities folder. For Mac OS X 10.6 and later you start the Directory Utility from the System Preferences as follows:

  1. Start System Preferences and select "Accounts".

     

  2. Under the list of users press the "Login Options", and then next to that press the "Join..." button next to Network Account Server. (You will not be joining a network account server, this is just the convoluted way to get to the Directory Utility).

     

  3. Press the button to "Open Directory Utility..."

Once you launch the Directory Utility, however you do it, then enable the root account by doing the following:

  1. Click on the Lock icon and give the Administrator password to authenticate.

     

  2. Pull down the "File" menu to "Enable Root User"

     

  3. Pull down the "File" menu to "Change Root Password..." and enter a good, strong password for the root user.

Quick Method using the Command Line Interface (CLI)

This is the easiest method to enable the "root" account on a Mac if you are more of a Command Line Interface person:

  1. Log in on the Admin account. (Your normal, every day user account should not have administrative privileges!).

     

  2. Open up a command shell in the Terminal application with 
    Macintosh HD -> Applications -> Utilities -> Terminal.

    At the command prompt type this command:

    % sudo passwd root Enter Password: Changing password for root New password: Verify password:

    The first password you are asked for is the already existing password for the Admin account, to prove that you are authorized to make changes to this system. After that, you enter the new root password (twice, for verification). That is all, the "root" account is now enabled, with that password.

Detailed Method using NetInfo Manager

These instructions allow you to enable the "root" account, or to reset the password for any user, not just "root". This only works for Mac OS X 10.4 or earlier, because NetInfo Manager was removed after that.

  1. If you so desire, you can first verify that the "root" user account is indeed locked. One way to do this is to get a shell prompt by running the Terminal application, found at 
    Macintosh HD -> Applications -> Utilities -> Terminal

    At the command prompt type this command:

    % nidump passwd .

    (Don't type the "%" - that represents the Unix command prompt. And don't forget the "dot" at the end, which indicates that the "password" map to be dumped to the screen is the one on this machine, not the password map from a remote server.) You should see a line like this:

    root:*:0:0:System Administrator:/var/root:/bin/tcsh

    The "*" is where the encrypted password for the user would normally go. If the "root" account has a "*" then it is not possible for a user to become "root".

     

  2. To remove the "*" (or any old password) you can run the NetInfo Manager application, which is also in the Utilities folder: 
    Macintosh HD -> Applications -> Utilities -> NetInfo Manager

     

  3. With "/" in the left column select the "users" map in the second column and click on the ""root"" user.

 
  1. Click on the lock icon at the bottom of the window marked "Click to make changes". Enter the administrative password as prompted. You are now free to make changes to the users map.

     

  2. Find the "passwd" property and double click on the value field to alter it (it should contain just the "*", or possibly an old encrypted password). Delete the "*" and make sure there are no spaces left in the value field.

    You cannot simply enter a new password here, because Unix stores an encrypted version of the password in the user database (passwd map). You will need to use the passwd command (step 7 below) to enter a new password.

     

  3. Pull down the "Domain" menu from the top bar and select "Save Changes". Confirm that you really want to make the change. At this point your computer has the root account enabled with no password, which is very dangerous.

     

  4. Get a shell prompt (from the Terminal application, as described in step 1 above). Enter the command:

    % su root

    (Don't enter the %, that represents the Unix command prompt.) When prompted for the password, just hit "return". Then add a password with the `passwd root` command, like so:

    # passwd root Changing password for root New password: Verify password:

    (Don't enter the #, that is the root command prompt on Unix.) The password you type won't be printed on the screen, which is why you are asked to type it twice for verification.

    Be sure to pick a good password for the "root" account. If your computer is connected to the Internet is may be possible for someone to get in to your computer as "root" if you have a weak password. Some useful guidelines for picking a good (or bad) password may be found here.

     

  5. Log out and log in as the "root" user to verify that it worked. If the login screen shows a list of users it won't show the "root" user so you will have to select "Other".

     

  6. It's very useful for the "root" user to have the Terminal application always in the Dock. Here is how to do that:

    • First, start up the Terminal application (Macintosh HD -> Applications -> Utilities -> Terminal)

       

    • Hold down the "control" key as you click on the icon of the Terminal application in the Dock. A menu will appear. Select the item "Keep In Dock".

To disable the "root" account, or any user account, follow the directions above to edit the "user" map with NetInfo Manager, and put a "*" in the passwd field.

References

The GUI proceedures for all versions of Mac OS X are documented by Apple at 

Acknowledgments

Many thanks to all those who have given me feedback on this page, including Stephen Zinn, Damian Drape, and Cary Swoveland

本文由葡京网投哪个正规发布于联系我们,转载请注明出处:更改客户端administrator密码的几种方法

关键词:

上一篇:没有了

下一篇:没有了