How to check user password is set without locking that account?

Question

1.00/5 (1 vote)

See more:

On Windows, I tried to check current logged in user password is checked using Win API LogonUser. I also got the user and domain (using WTSQuerySessionInformationW), after that I passed these username, domain and blank password to function LogonUser. It works as I expected. But my program is a service, and it requires calling check password every 15min. So if in Group Policy Managament, I set the policy Account Lockout ThreshHold to x times. If I call LogonUser function x times, my account is locked. The same thing happens on both workstation and domain environment.

Does anyone have any idea on this issue?

Similar Posts that don't answer question:

How to Detect Empty Password Users[^]

Thanks a lot

Posted 7-Nov-13 20:36pm

ducminh0410

Updated 7-Nov-13 22:23pm

Tejas Vaishnav

v3

Add a Solution

Comments

nv3 8-Nov-13 3:41am

I doubt that there is method of finding an empty password account easily. That would in fact be a security problem, because it would allow attackers equally well to scan for such accounts.

If you want to make sure all your users have a non-blank (and secure) password, do it by setting the group policy accordingly.

ducminh0410 8-Nov-13 4:15am

Thanks a lot for your answer. Herein, I don't try to figure out user password has been set up or not as Server Admin. All I want is find a method/function/solution to detect whether password has been set or not as a feature of my application.
You said that there is method of finding an empty password account easily. Do you know any kind of method like this which can help me?

nv3 8-Nov-13 4:33am

I think you got me wrong. I said: I doubt that there is such a method. And the reason for that doubt is: This would allow an application easily to scan for empty-password accounts, and that would be a security leak.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**Zoltán Zörgő** · Answer 1 · 2013-11-07T22:31:00

You can query attributes from AD/LADP. I user changes password, an attribute is set. See: http://msdn.microsoft.com/en-us/library/windows/desktop/ms679430(v=vs.85).aspx[^].

As I didn't really got your final goal, this might not be the solution, but than explain your goal properly, since you might address it the wrong way. But I can't imagine any situation where you really have to probe password of any kind.