An illustrated PDF guide is provided with your software download.
Please find text only instuctions below.
BBJT Password Reset Tool
This tool provides a simple UI that allows users to change/reset the passwords of other users (where permission is granted) an example is allowing certain members of staff the ability to reset the password of pupils.
As you start to type a username the software will attempt to automatically complete the remainder of the username, then you can enter a new password and providing you have been granted permission the password will be reset.
Setup Instructions
N.B. this tool and instructions are provided free of charge and as such are “as is” and have no warranty, support or guarantee. BBJT will accept no liability for any damage caused to your system or network as a result of using this tool.
Create a shared folder and extract the files to this location e.g: \\server01\Apps\BBJTPasswordReset
When you open BBJT Password Reset, a security warning may be displayed. To unblock the application, right click the BBJT Password Reset Tool.exe, click Properties, and under the General tab will be a security warning along with a button marked Unblock. Click on this and then click OK, the security warning should no longer be displayed.
By default all Domain Admins will have the right to change any users’ password, however you may allow specified users to reset passwords for users in certain OUs. In the below example we will create a security group called “Password Reset”, anyone who is a member of this group will be able to reset passwords for the delegated OU.
N.B – You can skip creating a new group and could use an existing group if desired, but for greater security and control it is recommended to create a separate group and then make the appropriate users members. – This is not required for Domain Admins.
Logon to a Domain Controller or a machine with Active Directory RSAT installed, and open Active Directory Users and Computers.
Right Click on your Groups OU and create a Security Group in your normal container called Password Reset
Add users to this group whom you wish to be able to reset passwords.
To allow this group permission to change passwords, navigate to the User Container or OU you wish to allow password resets of, and right click and select Delegate Control
Click next on the wizard, and add your Password Reset group and click next again
Check the box for Reset User Passwords and force password change at next logon and then click next
Check the summary and click Finish to confirm the changes
Configure Tool Settings:
From the folder you have extracted open the BBJT-Settings.xml in notepad and configure the following settings as required.
|
Setting |
Default |
Description |
|
Allow Blank Pass |
true |
true/false – Allows the user to set a blank password |
|
AutoComplete |
true |
true/false – Autocomplete the username as the user starts to type – Requires Licence |
|
ConfirmUserDisplayName |
false |
true/false – Gets the display name from the user and asks for confirmation it’s the correct user before completing the password change. |
|
AllowForceUserMustChangeOnLogon |
true |
true/false - Allows a user to select the user must change password on next logon |
|
ForceDNSDomain |
Default |
Default/DNSDomain – If set to domain.local it forces the tool to use that domain in a multi-domain environment. If Default it will use the default domain detected. |
|
AutoCompleteLDAPPath |
RootDomain |
RootDomain/LDAP Path – If configured sets the auto complete to only autocomplete usernames from a specific root OU, e.g. Pupils would be: LDAP://OU=Pupils,OU=Users,DC=domain,DC=local |
Next, Check that your users have access to run the exe from your share location.
Go to \\server01\Apps\BBJTPasswordReset Right click on the directory, Properties and click Security. “Password Reset” will need Read and Execute, then inherited System and Administrators Full Control.
Note that standard users should not have modify/delete access to this location as they could modify the settings you have just configured.
Click Edit to change permissions in Windows 2008 R2/Windows 7.
Now make a shortcut available to your users either on the desktop/start menu. Or alternately create a shortcut from a shared area.
e.g. Shortcut to: \\server01\Apps\BBJTPasswordReset\BBJT Password Reset Tool.exe
Installation Complete
Advanced Features
Pre-Defined Password
This feature will allow you to force a predefined password for all password resets. To enable this edit your BBJT-Settings.xml and change: <SetPreDefinedPassword></SetPreDefinedPassword> to <SetPreDefinedPassword>P@ssword</SetPreDefinedPassword>
Search
This feature will allow you to search for users by surname and/or forename. To enable this edit your BBJT-Settings.xml file and chage: <AllowSearch>false</AllowSearch> to <AllowSearch>true</AllowSearch>
Unlock Accounts
To enable this feature edit your BBJT-Settings.xml in the application folder and change <AllowUnlockAccount>false</AllowUnlockAccount> to <AllowUnlockAccount>true</AllowUnlockAccount> and optionally change <CheckPromptUnlockOnPasswordReset>false</CheckPromptUnlockOnPasswordReset> to <CheckPromptUnlockOnPasswordReset>true</CheckPromptUnlockOnPasswordReset>
The bottom setting is not required for the feature to work although it will prompt to unlock the account if it is locked out and the password is reset.
For the unlock account to work extra permissions must be delegated to the user, On a Domain controller of a machine with Active Directory RSAT installed open active directory users and computers.
Right click the OU for delegation and select Delegate Control.
Click next on the wizard and add your password reset group in, then click next.
Select create custom task to delegate and click next.
Select only the following objects in the folder and tick User objects then press next
Remove the tick from general and tick property-specific, then scroll down and tick read
Lockout time and write lockout time, then click next.
Then press finish, the unlock button is now available to the Password Reset Group.
