CertCities.com -- The Ultimate Site for Certified IT Professionals
Free CertCities.com Newsletter via E-mail Share share | bookmark | e-mail
  Microsoft®
  Cisco®
  Security
  Oracle®
  A+/Network+"
  Linux/Unix
  More Certs
  Newsletters
  Salary Surveys
  Forums
  News
  Exam Reviews
  Tips
  Columns
  Features
  PopQuiz
  RSS Feeds
  Press Releases
  Contributors
  About Us
  Search
 

Advanced Search
  Free Newsletter
  Sign-up for the #1 Weekly IT
Certification News
and Advice.
Subscribe to CertCities.com Free Weekly E-mail Newsletter
CertCities.com

See What's New on
Redmondmag.com!

Cover Story: IE8: Behind the 8 Ball

Tech-Ed: Let's (Third) Party!

A Secure Leap into the Cloud

Windows Mobile's New Moves

SQL Speed Secrets

CertCities.com
Let us know what you
think! E-mail us at:
 
 
...Home ... Editorial ... Columns ..Column Story Monday: December 19, 2011


Windows Security Center  
Derek Melber
Derek Melber
Accessing Advanced User Account Password Information Without Scripting
Derek takes a closer look at AcctInfo.dll, available in Microsoft's free suite of account management tools.
by Derek Melber  
2/16/2005 -- Have you ever needed to track down when a user last logged in? Have you ever wanted to know when a user’s password was set to expire? These are common queries for network and security administrators as well as security auditors.

In case you haven't yet run across it, Microsoft has released a suite of tools that can help you troubleshoot, audit and document password and account lockout information for all users in your domain. The aptly named Account Lockout and Management Tools suite is a free download from Microsoft, available here. While many of the tools are extremly useful, in this column I focus on AcctInfo.dll, one of my favorite in the suite because it provides details about user accounts that used to only be available via a script.

Once downloaded, the suite of tools can be extracted to a folder on any local computer. After you extract and install AcctInfo.dll, you will see a new user’s property tab for each user account listed in Active Directory Users and Computers. The new user property tab is shown in Figure 1.

Figure 1


Figure 1: Additional Account Info tab created by AcctInfo.dll. (Click on image to view larger version.)

To get the DLL to show this new tab, you will copy the AcctInfo.dll file to the System32 folder of the computer where you run the Active Directory Users and Computers to administer domain user accounts. After you copy the DLL to the System32 folder, you will need to register the DLL by typing regsvr32 acctinfo.dll at a command prompt.

There are many ways to access the domain account policy settings, but this new tab also allows you to quickly access the domain account policy. If you click on the Domain PW Info button, you will trigger a new window, which displays the domain account policy information as shown in Figure 2, below.

Figure 2

Figure 2: Domain Account Policy is accessible from within the new Additional Account Info tab. (Click on image to view larger version.)

Another fantastic feature available on the Additional Account Info tab is the ability to reset the password for a user on a domain controller that is in the site associated with the user account. If the password is changed on a domain controller that is a different site than the user, the change might not get to a domain controller in the user’s site for some time (potentially many hours) due to replication latency. You are also able to unlock the user account from this interface, as shown in Figure 3.

Figure 3

Figure 3: You can control password and account status on a domain controller in the user’s site. (Click on image to view larger version.)

As you can see, this simple tool allows you to control and view password and account lockout information for each user without the need for complex scripts. The tool suite is also free and easy to install and use. Be sure not let the other tools in the suite go by without a quick look, especially Alockout.dll, aloinfo.exe and eventcombMT.exe.

Derek Melber manages AuditingWindows.com, the first dedicated Web site for Windows auditing and security. Online training related to Derek's latest book series, "Auditing Windows Security," is available at AuditLearning.org. Derek also provides customized training. Contact Derek at .
 

More articles by Derek Melber:

-- advertisement --


There are 4 CertCities.com user Comments for “Accessing Advanced User Account Password Information Without Scripting”
Page 1 of 1
2/18/05: Mark from Omaha says: acctinfo.dll gives great info! However, the tab is missing when a user account is opened from "Find". Any ideas???
4/27/05: Hans from MI says: When you perform a search for a user through the regular Find function, the results won't let you see this additional information for the user's object. You'll need to manually browse to the user object and then double-click it... why is that? Is there a fix?
7/20/05: Hoang says: I need book Modern Operating Systems. I help you. Thank you!
11/11/06: Leovy Fernandez from Cebu Phillippines says: how to enalbe user advance, becoz ill use to user using crlt alt delete command to logon logoff password protect... hoping your response immediately thanks leovy
Your comment about: “Accessing Advanced User Account Password Information Without Scripting”
Name: (optional)
Location: (optional)
E-mail Address: (optional)
Comment:
   

-- advertisement (story continued below) --

top
Home | Microsoft® | Cisco® | Oracle® | A+/Network+" | Linux/Unix | MOS | Security | List of Certs
Advertise | Contact Us | Contributors | Features | Forums | News | Pop Quiz | Tips | Press Releases | RSS Feeds RSS Feeds from CertCities.com
Search | Site Map | Redmond Media Group | TechMentor Conferences | Tech Library Webcasts
This Web site is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc., Microsoft Corp., Oracle Corp., The Computing Technology Industry Association, Linus Torvolds, or any other certification or technology vendor. CiscoÆ and Cisco SystemsÆ are registered trademarks of Cisco Systems, Inc. Microsoft, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corp. OracleÆ is a registered trademark of Oracle Corp. A+Æ, i-Net+T, Network+T, and Server+T are trademarks and registered trademarks of The Computing Technology Industry Association. (CompTIA). LinuxT is a registered trademark of Linus Torvalds. All other trademarks belong to their respective owners.
Reprints allowed with written permission from the publisher. For more information, e-mail
Application Development Trends | Campus Technology | CertCities.com | The Data Warehousing Institute
E-Gov | EduHound | ENTmag.com | Enterprise Systems | Federal Computer Week | FTPOnline.com | Government Health IT
IT Compliance Institute | MCPmag.com | Recharger | Redmond Developer News | Redmond | Redmond Events | Redmond Channel Partner | Redmond Report
TCPmag.com | T.H.E. Journal | Virtualization Review | Visual Studio Magazine | VSLive!
Copyright 1996-2009 1105 Media, Inc. See our Privacy Policy.
1105 Redmond Media Group