Jump to content
colombeen

Advanced certificate install question

Recommended Posts

colombeen

Hi guys,

I have a pretty advanced question...

 

This is the issue i'm facing :

On a regular basis we need to install pfx certificates (with password protection) on devices from external companies.

To install the certificate we always have to contact the user, setup a really dull and long process to get an RDP session to that device, install the certificate.

 

I'm looking for :

a way to generate exe files on the fly, that will include the pfx file and password, and automatically install them without any interaction from the user, and the user not being able to retrieve the password to install the certificate.

 

Question :

Is this possible with AutoIT? And if so, does anyone have a working example for the certificate installation part or the auto generate with file include?

 

Thx in advance

colombeen

Edited by colombeen

Share this post


Link to post
Share on other sites
colombeen

NOOOO!!!

not at all. we regularly need to grant access for external users to access our domain. to do so we need to install a certificate that allows them to connect.

I want to automate the install process of the cert so that we don't need to make the rdp session etc.

i want to send them the "certificate installer" generated with autoit via email or something else so that they can install the certificate without us needing remote control (because they can't know the password for the cert, that's why we need RDP => security reasons)

if i can automate this into an autoit compiled executable (has to be encrypted) i can speed up the process.

this is what I'm aiming for =>

- generate certificate + password via powershell
- call autoit compiler from powershell, telling it where the certificate is placed and what the password is (and maybe something else to verify the device)
- compiler needs to create an exe that holds both items
- it checks for the hostname (or something else) of the device it will be run on
- if everything checks out, install the certificate
- certificate installer shouldn't work for more then a few hours and then it should just stop working (to make sure it only will be installed on 1 device)
- user get's a message that the installing was a success or a failure

Edited by colombeen

Share this post


Link to post
Share on other sites
JohnOne

Thanks for clarification.

I'm sorry I don't know about solution, but I do know it is never safe or secure to have a password embedded in a script, AutoIt or anything else, it can without exception be retrieved.


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites
colombeen

I know it's not a good way to include a pass in a script, but it's just so time consuming. i was just hoping that i would be possible with encryption on the exe file

Share this post


Link to post
Share on other sites
orbs

@colombeen,

yes, this is possible, and i dare say rather easy.

the "embedded password" catch can be easily avoided - do not embed the password. instead, equip your "installer" with an input box for the password, and when you guide the end user throughout the installation process (by phone i assume), read-out the password to the user when the time comes to type it in.

now, here's how you proceed:

1) report your topic and have a moderator move it to the General Help and Support forum, where it truely belongs and will get a more assistive attention.

2) learn the following AutoIt functions:

FileInstall() - to embed and extract an external file (the pfx) in the compiled script

InputBox() - to ask the user for the password

Run() - to launch certutil.exe to install the certificate

MsgBox() - to inform the user of failure or success

3) make a decent attempt at it and come back if you need further assistance.

Share this post


Link to post
Share on other sites
colombeen
17 hours ago, orbs said:

the "embedded password" catch can be easily avoided - do not embed the password. instead, equip your "installer" with an input box for the password, and when you guide the end user throughout the installation process (by phone i assume), read-out the password to the user when the time comes to type it in.

This is not an option... the user may never hear/read/touch/... the password for the certificate file. otherwise i could just send the certificate with the password and i would be done with it...

Also... the fileinstall etc... I need to be able to add the file on the fly from a command like

AutoITCompiler.exe -compile -au3file "certinstaller.au3" -outputfile "certinstaller.exe" -includefile "cert6546548979821.pfx" -addvariable "Th1sIsN0tAR34lP4ssw0rd!" -encrypted -somethingsomething

so that i can run the function that creates the certificate with the required params, generates the executable, creates an e-mail and sends it with the steps the user should take.

 

creating a script that can install a certificate will prob not be such a big hastle for me... it's the auto generate part that i don't know/have no experience with

Edited by colombeen

Share this post


Link to post
Share on other sites
JLogan3o13

@colombeen As we discussed via PM I think the suggestion given to you to move this to General Help and Support was incorrect, as this thread is still about the mechanics of accomplishing what you're after rather than a specific issue with an AutoIt script. For that reason I think DEV forum is the perfect place to discuss the how's and why's of what you are trying to accomplish.

If you get to the point of creating the script to install your certificate, as you mention above, and run into issues, then I think it would make sense to create a thread in General Help and Support for specifically that subject. You can even link it back here for someone who wants all the history on it.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
orbs
3 hours ago, colombeen said:

This is not an option... the user may never hear/read/touch/... the password for the certificate file.

ok, then this is a case of production / security trade-off. consider the following:

1) certificate is bound to a hostname

2) certificate has a limited time before expiration

3) certificate alone is not sufficient for connection, a username/password combination is required as well

4) a script that simple can be safely made with an older version of AutoIt, which supports obfuscating the code

given the above, i'd say the risk of a compromised certificate password is low. if your CISSO agrees, then embed the password. the rest is technicality:

3 hours ago, colombeen said:

Also... the fileinstall etc... I need to be able to add the file on the fly from a command like

this is actually a lot easier than you think. off-hand i'd follow this logic:

the parameters which vary from one certificate to another is the certificate file name and the password. put in your main script a line like this:

#include <CurrentCertificateInfo.au3>

in your PoweShell script (or batch file), right after you create the certificate (and you know its file name and password), create a new file named CurrentCertificateInfo.au3 and have it contain these two lines:

FileInstall("cert6546548979821.pfx", @TempDir & '\CurrCert.pfx', 1)
Global $sPassword = "Th1sIsN0tAR34lP4ssw0rd!"

the main script the uses CurrCert.pfx and $sPassword in due time.

now study the correct syntax of compiling from the command line from the AutoIt help file: AutoIt > using AutoIt > Compiling Scripts > Method 3 - The Command Line

you'll find all your requirements are met by the available command line switches (except of the "-encrypted -somethingsomething" part, which i don't understand what it means).

Edited by orbs
  • Like 1

Share this post


Link to post
Share on other sites
mLipok

If you want install certs in Windows store (not on Crypto card) you could try to use certutil. For this case you could check my Certutil UDF 


Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2018-03-17

Share this post


Link to post
Share on other sites
colombeen
17 hours ago, mLipok said:

If you want install certs in Windows store (not on Crypto card) you could try to use certutil. For this case you could check my Certutil UDF 

I wish that I could use the UDF but it doesn't support passwords for pfx certificates, and that is the most important part of this automation. I'll see how far I can get with my project and maybe I'll try to add some features to the udf

Share this post


Link to post
Share on other sites
colombeen

I'm changing the way I'll be handling the passwords for the certificates.

I'll be using a little webservice that will retrieve the password, and if the certificate is installed correctly, the webservice will be returned an OK to remove the password

 

this is the command i'll be using to install the PFX files : 

certutil -f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot

The biggest issue is that I can't be sure if the install was a succes because certutil always returns 0 as an exit code, and I'm not sure how to retrieve the errorlevel environment variable from a cmd window

Share this post


Link to post
Share on other sites
mLipok

I will Look at this, late night.


Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2018-03-17

Share this post


Link to post
Share on other sites
orbs
2 hours ago, colombeen said:

 

I'm changing the way I'll be handling the passwords for the certificates.

I'll be using a little webservice that will retrieve the password, and if the certificate is installed correctly, the webservice will be returned an OK to remove the password

 

that's still no guarantee to prevent compromised password, but if that's OK with your CISSO, it's fine by me... ;)

2 hours ago, colombeen said:

... I can't be sure if the install was a succes ...

after you call certutil.exe to import the certificate, call it again with the parameter -store only. this will generate a list of the installed certificates, which you can check for the presence of your certificate.

Share this post


Link to post
Share on other sites
colombeen

I'd rather check the errorlevel code if at all possible... it's alot more code for a verification... the info from the pfx can't be read by the autoit gui so I'd have to provide it some other way (reading out the certutil install info or something but that would take alot more time to code)

issue for me is that if you do the command for the certinstall, and you add " & echo %errorlevel%" it always shows the errorlevel from before the certutil command... it has the be executed on it's own line and not in a oneliner

Share this post


Link to post
Share on other sites
mLipok

Try to use this:
 

Func _CertUtil_ImportPFX()
    Local $sResult = __CertUtil_RunWrapper('-f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot','','')

    ; CertUtil: -delstore command completed successfully.
    If Not StringInStr($sResult, 'CertUtil: -delstore command completed successfully.') Then
        Return SetError($CUTIL_ERR_GENERAL, $CUTIL_EXT_DEFAULT, 0)
    EndIf

    Return SetError($CUTIL_ERR_SUCCESS, $CUTIL_EXT_DEFAULT, $CUTIL_RET_SUCCESS)

EndFunc    ;==>_CertUtil_delstore

 

Here are my results:

Quote

====================================================================
Command: certutil.exe -f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot  
Stdout Read:
CertUtil: -importPFX command FAILED: 0x80070003 (WIN32: 3 ERROR_PATH_NOT_FOUND)
CertUtil: System nie może odnaleźć określonej ścieżki.
====================================================================

>>>>>> Please close the "Report Log Window" to exit <<<<<<<

As you can see:
"System nie może odnaleźć określonej ścieżki."
"System can't  find the specified path."

 

I think this should be all what you need.

Regards
mLipok


Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest begining - comunication with GitHub REST API *
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF *

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * 

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2018-03-17

Share this post


Link to post
Share on other sites
colombeen
5 hours ago, mLipok said:

Try to use this:
 

Func _CertUtil_ImportPFX()
    Local $sResult = __CertUtil_RunWrapper('-f -user -p "Th1sIsN0tAR34lP4ssw0rd!" -importpfx "C:\Full\Path\To\Certificate.pfx" NoRoot','','')

    ; CertUtil: -delstore command completed successfully.
    If Not StringInStr($sResult, 'CertUtil: -delstore command completed successfully.') Then
        Return SetError($CUTIL_ERR_GENERAL, $CUTIL_EXT_DEFAULT, 0)
    EndIf

    Return SetError($CUTIL_ERR_SUCCESS, $CUTIL_EXT_DEFAULT, $CUTIL_RET_SUCCESS)

EndFunc    ;==>_CertUtil_delstore

 

The issue with this check is that 

If Not StringInStr($sResult, 'CertUtil: -delstore command completed successfully.') Then

Will not work on my system because the return information from the error is in dutch on my device. As we need to send out this installer to people all over europe, I can't be checking on every language...

Also it seems that when I run it without comspec i do get the exit code correctly

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • t0nZ
      By t0nZ
      Today I want to share this little project made to check and  notify the expiration of domain users password, in a Microsoft domain.
      Briefly, the script check users domain password expiration and takes actions.
      The script can work on multiple domain groups, taking different actions for every group, there is an .ini file with some options.
      Groups to be checked are defined in the .ini, and the groups must contain only users no other groups.
      The list of users of every group is obtained and if the password expiration in (remaining) days is matched (two possibilities) an email is sent.
      It can be a mail sent directly to the user (ini file : tomail=user) or it can be a mail sent to only one address (ini file : tomail=the@mail.it) (like domain admins...) and in this case the mail contains a report with the users approaching expiration.
      An operation log is always generated.
      In the ini (also the posted one) you can set to have no mail sent (for testing) and/or to have a GUI, but also the GUI is intended only for test, this script is scheduled on a server not logged in, so normally no GUI .
      Update 2018/03/16 : added switch to reset the password expiration, useful if you have for example an user (or 500) with psw expiration withing 3 days and you want to restore expiration within 90 days WITHOUT changing password.
      Used the way as advised by Microsoft  (see the link), but with sth AD.au3 , the fantastic Active Directory UDF
      # First change the pwdlastset to 0 because Microsoft wants it this way $todouser.pwdLastSet = 0 Set-ADUser -Instance $todouser # Change the pwdlastset to the current date/time of the associate DC $todouser.pwdLastSet = -1 Set-ADUser -Instance $todouser Why you should act this way ? Big companies have strange policies listen to me ...
      The code:
      #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Icon=Icone\Faenza\117.ico #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** ; PEG ; Password Expiration Guardian ; (C) NSC 2018 ; check user domain password expiration and takes actions ; the script can work on multiple domain groups, taking differente actions for every group. ; the groups must contains only users no other groups ; the list of users of every group is obtained and if the password expiration in day is matched (two possibilities) an email is sent. ; It can be a mail sent directly to the user (ini file : tomail=user) ; or it can be a mail sent to only one address (ini file : tomail=the@mail.it) ; and in this case the mail contains a report with the users approaching expiration ; V.0.5 check based on one domain group ; V.1.0 ini file and check based on multiple domain groups ; V.1.5 ini file with general section to activate "test" GUI, and to enable disable mail send ; V.1.6 march 2018 italian "home made" translation of days and months in date ; V.1.7 added flag pwdLastSet to reset pass expiration - intended to use like a one time on/off switch to reset psw expiration #include <AD.au3> #include <File.au3> #include <GuiEdit.au3> #include <_zip.au3> #include <Date.au3> #include <Inet.au3> #include <GUIConstantsEx.au3> #include <GuiEdit.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #include <Debug.au3> Global $appname = "PEG", $appver = "V.1.7" Global $inifile = @ScriptDir & "\" & $appname & ".ini" Global $geleft = 5, $getop = 5, $gewidth = 790, $geheight = 540 Global $gollogcount = 0, $lastlog = "sicrlf", $cachelog = "", $guititle = "PEG " & $appver, $Gollogedit, $logfile = @ScriptDir & "\" & $appname & "_LOG_", $months2NOTzip = 3 Global $INIgroup, $INItomail, $INImailsubject, $INIsmpt, $INIfromname, $INIfromaddress, $INIdays1, $INIdays2, $INItosend, $arrayINIsections, $guiactive, $flagITA, $flagpwdLastSet ; START program GOLLOG(">>>>>> " & $appname & " " & $appver & " START >>>>>>") CFGctrl() If $guiactive = 1 Then GUI() $groupnumber = 0 While $groupnumber < $arrayINIsections[0] $groupnumber += 1 If $arrayINIsections[$groupnumber] <> "general" Then CFGload($arrayINIsections[$groupnumber]) loaduserS() EndIf WEnd If $guiactive = 1 Then While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE GOLLOG("<<<< STOP <<<<") Exit EndSwitch WEnd EndIf GOLLOG("<<<<<< PEG STOP <<<<<<<") Exit ;STOP program Func GUI() GUICreate($guititle, 800, 560, 100, 200, -1) GUISetBkColor(0x693F54) ; will change background color $Gollogedit = GUICtrlCreateEdit("", $geleft, $getop, $gewidth, $geheight, BitOR($ES_AUTOVSCROLL, $ES_AUTOHSCROLL, $ES_WANTRETURN, $WS_BORDER, $WS_VSCROLL)) GUICtrlSetBkColor(-1, 0xC7BBC1) GUICtrlSetData(-1, "" & @CRLF) GUICtrlSetFont(-1, 9, 800, 0, "consolas") GUICtrlSetColor(-1, 0x090608) GUISetState(@SW_SHOW) GOLLOG("PEG " & $appver & " gui STARTED") EndFunc ;==>GUI Func loaduserS() GOLLOG("workin on group: " & $INIgroup) Local $Nscad = 0 Dim $report[1] = ["Report:"] Local $singlereport = "" Local $usermail = "" Local $username = "" Local $datediff = "" Local $arrayuserpsw Local $iErr _AD_Open() $search1 = _AD_GetGroupMembers($INIgroup) ;$search1 = _AD_RecursiveGetGroupMembers($INIgroup); testing recursive .. in the future maybe If @error = 0 Then Local $conta1 = 0 While $search1[0] > $conta1 $conta1 += 1 $arrayuserpsw = _AD_GetPasswordInfo($search1[$conta1]) $datediff = _DateDiff("D", _NowCalc(), $arrayuserpsw[9]) GOLLOG("USER: " & $search1[$conta1]) GOLLOG("Password expires on: " & $arrayuserpsw[9] & " in " & $datediff & " days") If $datediff = $INIdays1 Or $datediff = $INIdays2 Then GOLLOG("expiration match !") If $INItomail = "user" Then ; this IF is relative to .ini file parameter TOSEND $usermail = _AD_GetObjectAttribute($search1[$conta1], "mail") GOLLOG("sending mail to: " & $usermail) If $flagITA = 1 Then $dataITA = dataITA($arrayuserpsw[9]) Else $dataITA = _DateTimeFormat($arrayuserpsw[9], 1) EndIf Dim $report[1] = ["La tua password scadra' " & $dataITA & ", entro " & $datediff & " giorni."] _ArrayAdd($report, "Modificala per tempo !") If $INItosend = 0 Then GOLLOG("Not sent mail " & $Nscad & ": ") GOLLOG("from :" & $INIfromname & " | " & $INIfromaddress) GOLLOG("to :" & $usermail & " | subject: " & $INImailsubject) Local $reporttext = _ArrayToString($report) GOLLOG("text :" & $reporttext) Else Local $iResponse = _INetSmtpMail($INIsmpt, $INIfromname, $INIfromaddress, $usermail, $INImailsubject, $report, "EHLO " & @ComputerName, "-1") ; perla pearl mail send HS smtp (ehlo required) $iErr = @error If $iResponse = 1 Then GOLLOG("Success! " & "Mail to user sent") Else GOLLOG("Error! " & "Mail failed with error code " & $iErr) EndIf EndIf Else $username = _AD_GetObjectAttribute($search1[$conta1], "displayname") _ArrayAdd($report, "USER: " & $username) _ArrayAdd($report, "Password expires on: " & $arrayuserpsw[9] & " in " & $datediff & " days") $Nscad += 1 If $flagpwdLastSet = 1 Then ; warning : auto pass set GOLLOG("Re-set password expiration for " & $search1[$conta1]) If _AD_ModifyAttribute($search1[$conta1], "pwdLastSet", "0") Then GOLLOG("pwdLastSet to 0 - OK") Else GOLLOG("pwdLastSet to 0 - ERROR " & @error) EndIf If _AD_ModifyAttribute($search1[$conta1], "pwdLastSet", "-1") Then GOLLOG("pwdLastSet to -1 - OK") Else GOLLOG("pwdLastSet to -1 - ERROR " & @error) EndIf EndIf EndIf EndIf WEnd If $Nscad > 0 And $INItomail <> "user" Then _ArrayAdd($report, $Nscad & " user passwords near expiration") If $INItosend = 0 Then GOLLOG("Not sent mail " & $Nscad & ": ") GOLLOG("from :" & $INIfromname & " | " & $INIfromaddress) GOLLOG("to :" & $INItomail & " | subject: " & $INImailsubject) Local $reporttext = _ArrayToString($report) GOLLOG("text :" & $reporttext) Else Local $iResponse = _INetSmtpMail($INIsmpt, $INIfromname, $INIfromaddress, $INItomail, $INImailsubject, $report, "EHLO " & @ComputerName, "-1") ; perla pearl mail send HS smtp (ehlo required) Local $iErr = @error If $iResponse = 1 Then GOLLOG("Success! " & "Mail sent") Else GOLLOG("Error! " & "Mail failed with error code " & $iErr) EndIf EndIf EndIf GOLLOG("checked n° " & $conta1 & " users") Else GOLLOG("error in user search " & @error) EndIf _AD_Close() EndFunc ;==>loaduserS Func dataITA($inputdate) ; Input date in the format "YYYY/MM/DD[ HH:MM:SS]", and translates Tuesday 8 May 2018 -> Martedì 8 maggio 2018 - perla pearl Local $stringaDATAita = _DateTimeFormat($inputdate, 1) Select Case StringInStr($stringaDATAita, "Monday") $stringaDATAita = StringReplace($stringaDATAita, "Monday", "lunedi'") Case StringInStr($stringaDATAita, "Tuesday") $stringaDATAita = StringReplace($stringaDATAita, "Tuesday", "martedi'") Case StringInStr($stringaDATAita, "Wednesday") $stringaDATAita = StringReplace($stringaDATAita, "Wednesday", "mercoledi'") Case StringInStr($stringaDATAita, "Thursday") $stringaDATAita = StringReplace($stringaDATAita, "Thursday", "giovedi'") Case StringInStr($stringaDATAita, "Friday") $stringaDATAita = StringReplace($stringaDATAita, "Friday", "venerdi'") Case StringInStr($stringaDATAita, "Saturday") $stringaDATAita = StringReplace($stringaDATAita, "Saturday", "sabato") Case StringInStr($stringaDATAita, "Sunday") $stringaDATAita = StringReplace($stringaDATAita, "Sunday", "Domenica") EndSelect Select Case StringInStr($stringaDATAita, "January") $stringaDATAita = StringReplace($stringaDATAita, "January", "gennaio") Case StringInStr($stringaDATAita, "February") $stringaDATAita = StringReplace($stringaDATAita, "February", "febbraio") Case StringInStr($stringaDATAita, "March") $stringaDATAita = StringReplace($stringaDATAita, "March", "marzo") Case StringInStr($stringaDATAita, "April") $stringaDATAita = StringReplace($stringaDATAita, "April", "aprile") Case StringInStr($stringaDATAita, "May") $stringaDATAita = StringReplace($stringaDATAita, "May", "maggio") Case StringInStr($stringaDATAita, "June") $stringaDATAita = StringReplace($stringaDATAita, "June", "giugno") Case StringInStr($stringaDATAita, "July") $stringaDATAita = StringReplace($stringaDATAita, "July", "luglio") Case StringInStr($stringaDATAita, "August") $stringaDATAita = StringReplace($stringaDATAita, "August", "agosto") Case StringInStr($stringaDATAita, "September") $stringaDATAita = StringReplace($stringaDATAita, "September", "settembre") Case StringInStr($stringaDATAita, "October") $stringaDATAita = StringReplace($stringaDATAita, "October", "ottobre") Case StringInStr($stringaDATAita, "November") $stringaDATAita = StringReplace($stringaDATAita, "November", "novembre") Case StringInStr($stringaDATAita, "December") $stringaDATAita = StringReplace($stringaDATAita, "December", "dicembre") EndSelect Return ($stringaDATAita) EndFunc ;==>dataITA Func GOLLOG($logtext) ; Gollog V.2.3 gestione CRLF si o no ; gestione a capo automatico oltre i xx caratteri; gestione pulitura ogni totmila char Perla pearl ; basta aggiungere |nocrlf50 a fine stringa, dove 50 sono gli xx caratteri, conta la prima riga dove si supera quel limite. ; to declare $gollogcount = 0,$lastlog="sicrlf",$cachelog="",$guititle = "nomegui",$Gollogedit,$logfile = @ScriptDir & "\GOLLOG_LOG_", $months2NOTzip = 3 ; e anche le misure dell'edit: $geleft = 32, $getop = 32, $gewidth = 553, $geheight = 377 ; #include <File.au3> #include <GuiEdit.au3> #include <_zip.au3> ; to insert FUNCs: GOLLOG CLEANEDIT GOLzipZIP $gollogcount += StringLen($logtext) ;Local $logfile = @ScriptDir & "\GOLLOG_LOG_" ; now global Local $logfiletimerange = @YEAR & @MON Local $linelimit = StringRight($logtext, 2) If StringRight($logtext, 9) = "|nocrlf" & $linelimit Then $logtext = StringTrimRight($logtext, 9) Local $acapo = "no" Else Local $acapo = "si" $gollogcount += 4 If $gollogcount > 13000 Then Sleep(3000) cleanedit() ; MsgBox(64, "debug", $conta) $gollogcount = 0 EndIf EndIf If $acapo = "no" And (StringLen($cachelog) <= $linelimit) Then ;pearl perla non a capo se If $lastlog = "nocrlf" Then If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, $logtext) EndIf Else If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, @MDAY & "/" & @MON & "_" & @HOUR & ":" & @MIN & " " & $logtext) EndIf EndIf $cachelog = $cachelog & $logtext $lastlog = "nocrlf" Else If $lastlog = "nocrlf" Then If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, $logtext & @CRLF) EndIf $cachelog = $cachelog & $logtext _FileWriteLog($logfile & $logfiletimerange & ".txt", $cachelog) $cachelog = "" Else If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, @MDAY & "/" & @MON & "_" & @HOUR & ":" & @MIN & " " & $logtext & @CRLF) EndIf _FileWriteLog($logfile & $logfiletimerange & ".txt", $logtext) EndIf $lastlog = "sicrlf" EndIf EndFunc ;==>GOLLOG Func cleanedit() ; cleaning of edit every n° lines (in program put if $nlines > xlines then this function) GUICtrlDelete($Gollogedit) $Gollogedit = GUICtrlCreateEdit("", $geleft, $getop, $gewidth, $geheight) ;, BitOR($ES_AUTOVSCROLL, $ES_AUTOHSCROLL, $ES_WANTRETURN, $WS_BORDER)) GUICtrlSetData(-1, "" & @CRLF) GUICtrlSetFont(-1, 9, 800, 0, "consolas") GUICtrlSetColor(-1, 0090608) GUICtrlSetBkColor(-1, 0xF0DAE5) GUICtrlSetCursor(-1, 3) EndFunc ;==>cleanedit Func GOLzipLOG($months2NOTzip) ; zipping old log leaving unzipped only n months GOLLOG("Starting old logs zipping..") ; path extraction zone Local $logfiletimerange = @YEAR & @MON Local $sDrive = "", $sDir = "", $sFileName = "", $sExtension = "" Local $arraylogpath = _PathSplit($logfile & $logfiletimerange & ".txt", $sDrive, $sDir, $sFileName, $sExtension) Local $logpath = $arraylogpath[1] & $arraylogpath[2] Local $hSearch = FileFindFirstFile($logfile & "*.txt") ; searching for logs Local $logconta = 0 While 1 ; single file processing cycle Local $sFileName = FileFindNextFile($hSearch) ; If there is no more file matching the search. If @error Then ExitLoop Local $stringtime = StringTrimRight(StringRight($sFileName, 10), 4) ;obtaining year-month like 201609 If $logfiletimerange - $stringtime > $months2NOTzip Then ;zipping If Not FileExists($logfile & ".zip") Then If Not _Zip_Create($logfile & ".zip", 1) Then GOLLOG("Error " & @error & " creating " & $logfile & ".zip") Else GOLLOG("Created new log archive: " & $logfile & ".zip") EndIf Else GOLLOG("adding to archive: " & $logfile & ".zip") EndIf If Not _zip_additem($logfile & ".zip", $logpath & $sFileName) Then GOLLOG("Error " & @error & " zipping: " & $logpath & $sFileName) Else GOLLOG("Added: " & $logpath & $sFileName) $logconta += 1 If Not FileDelete($logpath & $sFileName) Then GOLLOG("ERROR - Unable to DELETE log file " & $logpath & $sFileName) EndIf EndIf EndIf WEnd GOLLOG("Finished = " & $logconta & " log files zipped") EndFunc ;==>GOLzipLOG Func CFGctrl() ; check ini files and load section names GOLLOG("checkin' INI file..|nocrlf50") If FileExists($inifile) Then $guiactive = IniRead($inifile, "general", "GUI", "?") If $guiactive = "?" Then GOLLOG("INI incomplete, missing section 'general', value GUI") ExitwithError() EndIf $flagITA = IniRead($inifile, "general", "dataITA", "?") If $flagITA = "?" Then GOLLOG("INI incomplete, missing section 'general', value dataITA") ExitwithError() EndIf $flagpwdLastSet = IniRead($inifile, "general", "pwdLastSet", "?") If $flagpwdLastSet = "?" Then GOLLOG("INI incomplete, missing section 'general', value pwdLastSet") ExitwithError() EndIf GOLLOG("reading section names...|nocrlf50") $arrayINIsections = IniReadSectionNames($inifile) GOLLOG("N°" & $arrayINIsections[0] - 1 & " groups to process") Else $message1 = "error: no saved settings !?" GOLLOG($message1) ExitwithError() EndIf GOLLOG("..completed") EndFunc ;==>CFGctrl Func CFGload($section) ; load single ini file section values $INIgroup = IniRead($inifile, $section, "group", "?") $INItomail = IniRead($inifile, $section, "tomail", "?") $INItosend = IniRead($inifile, $section, "tosend", "?") $INIdays1 = IniRead($inifile, $section, "days1", "?") $INIdays2 = IniRead($inifile, $section, "days2", "?") $INImailsubject = IniRead($inifile, $section, "mailsubject", "?") $INIsmpt = IniRead($inifile, $section, "smtp", "?") $INIfromname = IniRead($inifile, $section, "fromname", "?") $INIfromaddress = IniRead($inifile, $section, "fromaddress", "?") EndFunc ;==>CFGload Func ExitwithError() GOLLOG("**********ERROR and STOP****************") Exit EndFunc ;==>ExitwithError The example .ini:
       
      [group1] group=G_IT_PASSWORD_MONITORED days1=5 days2=2 tomail=yourgroup@yourdomain.it ;tosend=user; send mails to the domain user mail address, otherwise send to specified address tosend=0 ;tosend ;1 send mails, 0 disable mails for testing mailsubject=Domain users going to expire passwords smtp=smtp.your.own.server fromname=Password Expiration Guardian fromaddress=PEG@NSC.it [group2] group=G_IT_PASSWORD_NOTIFIED days1=5 days2=2 tomail=user ;tosend=user; send mails to the domain user mail address, otherwise send to specified address tosend=0 ;tosend ;1 send mails, 0 disable mails for testing mailsubject=Password is expiring ! smtp=smtp.your.own.server fromname=Password Expiration Guardian fromaddress=PEG@NSC.it [general] GUI=1 ;1 gui ON for testing, 0 gui disabled dataITA = 1 ;1 translates datetime in italian, 0 for ENG pwdLastSet = 0 ;1 tries to reset the 'pwdLastSet' attribute (you must have permissions), 0 do nothing  
       
    • Overkill
      By Overkill
      Hi all,
      I am working on a GUI program to update Google's Dynamic DNS (API at https://support.google.com/domains/answer/6147083?authuser=1&hl=en if you scroll to bottom). I am not a programmer by any means - just a sysadmin who has picked up on some things along the way. I am sure that there's better ways to do a lot of things in this script; I'm just going with what I know.
      My challenge right now is that I'd like a better way to store the credentials both in memory as well as in system registry or INI file (not sure which way I want to go for local storage). How should I convert the passwords to a secure string in a manner that can't be easily reversed, yet is still accessible to the script? Is that even an option in AutoIt?
      Can anybody provide me with links to good reference posts, or coding suggestions for how best to achieve this in the script below? I am using the WinHTTP UDF (https://github.com/dragana-r/autoit-winhttp/releases) to make my API calls.
      #include<WinHTTP.au3> #include<GUIConstantsEx.au3> #include<EditConstants.au3> #include<iNet.au3> #include<Array.au3> DIM $aDomainList[1][4] $aDomainList[0][0] = 0 $gMainGUI = GUICreate("Overkill's Google DNS Updater",800,800) $gDomainLabel = GUICtrlCreateLabel("FQDN",21,8) $gDomainInput = GUICtrlCreateInput("",60,5,300) $gUserLabel = GUICtrlCreateLabel("Username",5,36) $gUserInput = GUICtrlCreateInput("",60,32,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD)) $gPasswordLabel = GUICtrlCreateLabel("Password",6,64) $gPassInput = GUICtrlCreateInput("",60,60,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD)) $gAddButton = GUICtrlCreateButton("ADD DOMAIN",200,31,160,52) $gCurrentIP = GUICtrlCreateLabel("Current IP: " & _CheckIP(),5,780) $gDomainList = GUICtrlCreateListView("Domain | Resolved IP | Update Status",5,120,600,600) GUISetState(@SW_SHOW,$gMainGUI) while 1 $m = GUIGetMsg() IF $M = $GUI_EVENT_CLOSE then Exit IF $M = $gAddButton Then $sAddDomain = GUICtrlRead($gDomainInput) $sAddUser = GUICtrlRead($gUserInput) $sAddPass = GUICtrlRead($gPassInput) $sResolveIP = _DNSCheck($sAddDomain) ;Google wants you to avoid sending updates when there are no changes If StringCompare($sResolveIP,_CheckIP()) = 0 Then $sStatus = "No change, not sending update" Else $sStatus = _DNSUpdate($sAddDomain,$sAddUser,$sAddPass) EndIf ;Check to make sure all fields are completed before continuing IF StringLen($sAddDomain) = 0 OR StringLen($sAddUser) = 0 OR StringLen($sAddPass) = 0 Then MsgBox(0,"","Please complete all fields") Else ; If the fields all have data, then continue ;Check to see if the entry exists in the array already $iSanity = _ArraySearch($aDomainList,$sAddDomain) IF $iSanity = 0 Then _ArrayAdd($aDomainList,$sAddDomain & "|" & $sAddUser & "|" & $sAddPass ) If @error = 0 Then $aDomainList[0][0] += 1 $aDomainList[$aDomainList[0][0]][3] = GUICtrlCreateListViewItem($sAddDomain & "|" & $sResolveIP & "|" & $sStatus,$gDomainList) Else MsgBox(0,"","Error adding input to list") EndIf Else ; If $iSanity <> 0 ; Update existing info in array and listviewitem $aDomainList[$iSanity][0] = $sAddDomain $aDomainList[$iSanity][1] = $sAddUser $aDomainList[$iSanity][2] = $sAddPass GUICtrlSetData($aDomainList[$iSanity][3],$sAddDomain & "|" & $sResolveIP & "|" & $sStatus) EndIf ; If $iSanity = 0 EndIf ; If StringLen... EndIf ; If $m = $gaddbutton WEnd ;---------------------------------------------------------------------------------------- Func _DNSCheck($sFQDN) $sJSON = _INetGetSource("https://dns.google.com/resolve?name=" & $sFQDN & "&cd=1") ConsoleWrite($sJSON & @CRLF) $sIPAddress = StringRegExpReplace($sJSON,'^.*data": "(.*?)".*?$',"\1") Return $sIPAddress EndFunc ;---------------------------------------------------------------------------------------- Func _DNSUpdate($sFQDN,$sUser,$sPass) Local $sGoogleAPIURI = "https://domains.google.com" Local $hOpen = _WinHttpOpen() Local $hConnect = _WinHttpConnect($hOpen, $sGoogleAPIURI) Local $sHeader = _ 'Authorization: Basic ' & _Base64Encode($sUser & ":" & $sPass) & @CRLF & _ 'Accept: */*' & @CRLF & _ 'User-Agent: AutoITScript/' & @AutoItVersion & @CRLF & _ 'Content-Type: application/x-www-form-urlencoded' Local $aHTTPResponse = _WinHttpSimpleSSLRequest($hConnect, "POST", "/nic/update", Default, "hostname=" & $sFQDN, $sHeader, True, Default, Default, Default, True) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) If IsArray($aHTTPResponse) Then $sHTTPResponse = "Header:" & @CRLF & $aHTTPResponse[0] & @CRLF & "Data:" & @CRLF & $aHTTPResponse[1] & @CRLF & @CRLF & @CRLF Return $aHTTPResponse[1] Else $sHTTPResponse = "NO REPLY" Return "No reply from " & $sGoogleAPIURI EndIf EndFunc ;---------------------------------------------------------------------------------------- Func _Base64Encode($sData) Local $oXml = ObjCreate("Msxml2.DOMDocument") If Not IsObj($oXml) Then SetError(1, 1, 0) EndIf Local $oElement = $oXml.createElement("b64") If Not IsObj($oElement) Then SetError(2, 2, 0) EndIf $oElement.dataType = "bin.base64" $oElement.nodeTypedValue = Binary($sData) Local $sReturn = $oElement.Text If StringLen($sReturn) = 0 Then SetError(3, 3, 0) EndIf Return $sReturn EndFunc ;---------------------------------------------------------------------------------------- Func _CheckIP() Return _INetGetSource("https://domains.google.com/checkip") EndFunc ;----------------------------------------------------------------------------------------  
    • DrLarch
      By DrLarch
      Curious if anyone knows if the permissions UDF can be used with certificates and if so, how.
      This is the code in the UDF for $_SE_OBJECT_TYPE which doesn't state anything about certs and not sure if it would fall under one of the object types listed:
      Global Enum _ ;$_SE_OBJECT_TYPE $SE_UNKNOWN_OBJECT_TYPE = 0, _ ;Unknown object type. $SE_FILE_OBJECT, _ ;Indicates a file or directory. Can be an absolute path, such as FileName.dat, C:\DirectoryName\FileName.dat, or a handle to an opened file $SE_SERVICE, _;Indicates a Windows service. A service object can be a local service, such as ServiceName, or a remote service, such as \\ComputerName\ServiceName, or a handle to a service $SE_PRINTER, _;Indicates a printer. A printer object can be a local printer, such as PrinterName, or a remote printer, such as \\ComputerName\PrinterName. $SE_REGISTRY_KEY, _;Indicates a registry key. The names can be in the format 'HKLM\SOFTWARE\Example', or 'HKEY_LOCAL_MACHINE\SOFTWARE\Example'. It can also be a handle to a registry key $SE_LMSHARE, _;Indicates a network share. A share object can be local, such as ShareName, or remote, such as \\ComputerName\ShareName. $SE_KERNEL_OBJECT, _;Indicates a local kernel object. All types of kernel objects are supported. ie, A process handle obtained with _Permissions_OpenProcess $SE_WINDOW_OBJECT, _;Indicates a window station or desktop object on the local computer. $SE_DS_OBJECT, _;Indicates a directory service object or a property set or property of a directory service object. e.g.CN=SomeObject,OU=ou2,OU=ou1,DC=DomainName,DC=CompanyName,DC=com,O=internet $SE_DS_OBJECT_ALL, _;Indicates a directory service object and all of its property sets and properties. $SE_PROVIDER_DEFINED_OBJECT, _;Indicates a provider-defined object. $SE_WMIGUID_OBJECT, _;Indicates a WMI object. $SE_REGISTRY_WOW64_32KEY;Indicates an object for a registry entry under WOW64. ;$_SE_OBJECT_TYPE What I'm trying to do is add another user to a cert in Certificates (Local  Computer) > Personal > Certificates as if using the "manage private keys" command via the MMC.
      Thanks...
    • Luigi
      By Luigi
      Greetings,
      I want use WinHttpRequest to access a OpenShift API server, it use a self signed certificate.
      Does now work...
      I never try with a self signed certificate, how do this?
      Best regards
      Global $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oHTTP.Open("GET", "https://openshift.domain:1234/api/", False) $oHttp.Option(4) = 0x0100 + 0x0200 + 0x1000 + 0x2000 $oHTTP.Option(9) = 0x0080 ;WinHttpRequestOption_SecureProtocols ;~ $oHttp.SetClientCertificate("LOCAL_MACHINE\\Personal\\certificado.crt") $oHttp.Send() $oHttp.WaitForResponse() Local $oAllHeaders = $oHttp.GetAllResponseHeaders() $oReceived = $oHttp.ResponseText $oStatusCode = $oHttp.Status $oHttp = 0 If $oStatusCode = 200 Then ConsoleWrite("$oAllHeaders--------------------" & @LF & $oAllHeaders & "$oAllHeaders--------------------" & @LF) Else ConsoleWrite("< error = " & $oReceived & @LF & $oAllHeaders & @LF) EndIf  
    • VIP
      By VIP
      I can not do anything with any user in the "Local Users Group"
      I tried from my account but I could not change my password (ie set new password)!
      But I was able to activate the Administrator account and I logged into the Administrator account and still could not do anything with my account! But I can set the password and disable the Administrator account from my account or Administrator.
      Any ideas? (Ignore the click on the Sign-in option in the Change Accout settings.)
       

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.