Windows 2012 server Local Account Password Change using WMI and SMB

%3CLINGO-SUB%20id%3D%22lingo-sub-1510888%22%20slang%3D%22en-US%22%3EWindows%202012%20server%20Local%20Account%20Password%20Change%20using%20WMI%20and%20SMB%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1510888%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EEnvironment%3C%2FP%3E%3CP%3Ewindows%202012%20R2%20and%20windows%202016%20Servers%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20using%20windows%20remote%20connector%20which%20uses%20protocol%20WMI%20and%20SMB%20and%20works%20on%20port%20135%20and%20445.%20Now%20there%20are%20two%20windows%20Local%20admin%20accounts%20defined%20named%20%3A%3C%2FP%3E%3CP%3E1.%20winadmin%20(local%20admin%20account)%3C%2FP%3E%3CP%3E2.%20winadmin1%20(local%20admin%20account)%3C%2FP%3E%3CP%3EScenario%201%3C%2FP%3E%3CP%3EFrom%20PAM%20application%20if%20going%20to%20change%20the%20Password%20of%20account%20'winadmin'%20then%20winadmin%20password%20is%20changing%20on%20the%20windows%20but%20in%20PAM%20application%20New%20change%20password%20is%20not%20updated.%20So%2C%20winadmin%20can%20change%20its%20password%20but%20not%20able%20to%20update%20in%20the%20PAM%20application.%3C%2FP%3E%3CP%3EScenario%202%3C%2FP%3E%3CP%3EIf%20linked%20two%20accounts%20in%20PAM%20application.%20And%20account%20'winadmin1'%20is%20able%20to%20change%20the%20password%20of%20account%20'winadmin'%20in%20windows%202012.%20Moreover%2C%20the%20updated%20password%20of%20the%20'winadmin'%20account%20is%20also%20changed%20in%20PAM%20application%20two.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20question%20is%20why%20Scenario%202%20is%20working%20and%20updating%20the%20new%20password%20in%20PAM%20application%20and%20why%20scenario%201%20is%20failing.%20Is%20this%20from%20PAM%20Application%20end%20or%20is%20there%20any%20policy%20restriction%20in%20Windows%20Server%20end.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1510888%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Visitor

Hi,

Environment

windows 2012 R2 and windows 2016 Servers

 

We are using windows remote connector which uses protocol WMI and SMB and works on port 135 and 445. Now there are two windows Local admin accounts defined named :

1. winadmin (local admin account)

2. winadmin1 (local admin account)

Scenario 1

From PAM application if going to change the Password of account 'winadmin' then winadmin password is changing on the windows but in PAM application New change password is not updated. So, winadmin can change its password but not able to update in the PAM application.

Scenario 2

If linked two accounts in PAM application. And account 'winadmin1' is able to change the password of account 'winadmin' in windows 2012. Moreover, the updated password of the 'winadmin' account is also changed in PAM application two.

 

My question is why Scenario 2 is working and updating the new password in PAM application and why scenario 1 is failing. Is this from PAM Application end or is there any policy restriction in Windows Server end.

0 Replies