public void ChangePassword(IComputer computer, SecurityIdentifier sid = null)
{
try
{
if (sid == null)
{
sid = this.sam.GetWellKnownSid(WellKnownSidType.AccountAdministratorSid);
}
string newPassword = this.passwordGenerator.Generate();
DateTime rotationInstant = DateTime.UtcNow;
DateTime expiryDate = DateTime.UtcNow.AddDays(this.settings.MaximumPasswordAge);
lithnetAdminPasswordProvider.UpdateCurrentPassword(computer, newPassword, rotationInstant, expiryDate, this.settings.PasswordHistoryDaysToKeep, this.settings.MsMcsAdmPwdBehaviour);
this.logger.LogTrace(EventIDs.SetPasswordOnAmAttribute, "Set password on Lithnet Access Manager attribute");
if (this.settings.MsMcsAdmPwdBehaviour == MsMcsAdmPwdBehaviour.Populate)
{
this.logger.LogTrace(EventIDs.SetPasswordOnLapsAttribute, "Set password on Microsoft LAPS attribute");
}
this.sam.SetLocalAccountPassword(sid, newPassword);
this.logger.LogInformation(EventIDs.SetPassword, "The local administrator password has been changed and will expire on {expiryDate}", expiryDate.ToLocalTime());
}
catch (Exception ex)
{
this.logger.LogError(EventIDs.PasswordChangeFailure, ex, "The password change operation failed");
}
}
public void ChangePassword(IComputer computer, SecurityIdentifier sid = null)
{
try
{
if (sid == null)
{
sid = this.sam.GetWellKnownSid(WellKnownSidType.AccountAdministratorSid);
}
string newPassword = this.passwordGenerator.Generate();
DateTime rotationInstant = DateTime.UtcNow;
DateTime expiryDate = DateTime.UtcNow.AddDays(this.settings.MaximumPasswordAge);
if (this.settings.WriteToLithnetAttributes)
{
lithnetAdminPasswordProvider.UpdateCurrentPassword(computer,
this.encryptionProvider.Encrypt(
this.certificateProvider.FindEncryptionCertificate(this.settings.CertThumbprint, this.settings.CertPath),
newPassword),
rotationInstant,
expiryDate,
this.settings.PasswordHistoryDaysToKeep);
this.logger.LogTrace(EventIDs.SetPasswordOnAmAttribute, "Set password on Lithnet Access Manager attribute");
}
if (this.settings.WriteToMsMcsAdmPasswordAttributes)
{
this.msMcsAdmPwdProvider.SetPassword(computer, newPassword, expiryDate);
this.logger.LogTrace(EventIDs.SetPasswordOnLapsAttribute, "Set password on Microsoft LAPS attribute");
}
else
{
this.msMcsAdmPwdProvider.ClearPassword(computer);
}
this.sam.SetLocalAccountPassword(sid, newPassword);
this.logger.LogInformation(EventIDs.SetPassword, "The local administrator password has been changed and will expire on {expiryDate}", expiryDate);
}
catch (Exception ex)
{
this.logger.LogError(EventIDs.PasswordChangeFailure, ex, "The password change operation failed");
}
}