A command-prompt time-saver and a routine to randomize a password

This month, I have two useful Windows 2000 tools for you. The first, cmdhere.inf, modifies Windows Explorer so that you can right-click any folder and choose CMD Prompt Here. A command-prompt window then appears, and the default directory is already set to the folder that you right-clicked.

Why is Cmdhere useful? Because long pathnames make directory navigation a pain. For example, suppose you want to run a command-line utility from the Microsoft Windows 2000 Server Resource Kit. You need to open a command prompt, then type a command and path such as

cd "c:\program filesresource kit"

As if that process weren't inconvenient enough, you're probably already looking at C:\program files\resource kit in Windows Explorer, yet Windows Explorer still makes you do all that typing. If you install cmdhere.inf, you can simply right-click the resource kit folder and choose CMD Prompt Here.

To install cmdhere.inf, just right-click the file in Windows Explorer, then choose Install. Cmdhere.inf isn't perfect—you must right-click the actual folder icon; you can't just right-click the empty background inside a folder—but it's useful.

I found cusrmgr.exe when one of my clients was having trouble getting network administrators to be accountable for their actions. Six people in the client's firm do all network-related administration, and everyone who needs to do administration-related tasks is a member of Domain Admins (that's not the greatest strategy, but the client likes it). Several administrators are in the habit of using the default Administrator account to log on and do their work. That troubled the folks in charge because they wanted to be able to track what people did, but when several people use the Administrator account, not much tracking is possible.

I suggested randomizing the Administrator password, establishing a policy that no one is to change the password, and auditing password changes. Then, if an administrator changes the Administrator password, that action will show up in the log and the administrator can be reprimanded, banished, or whatever. Occasionally, you need to use the Administrator account, of course, but for those occasions, human resources (HR) can simply work out a procedure for approving its use.

Cusrmgr.exe is a file from the resource kit directory that lets you randomize a password. The tool's syntax is

cusrmgr -u <username>
 -p -m <machinename>

where username is the user account name and machinename is the name of the machine that holds the user account. (If the user account is a domain account, use the machine name of a domain controller—DC.) Specifying -p makes the password random.

Suppose I'm at a workstation in a domain named MYDOMAIN and I want to randomize the domain's Administrator password. Assuming that MYDOMAIN has a DC named DC4, I would type

cusrmgr -u Administrator -p -m \\DC4

Be sure the p is lowercase. A command with a capital P, such as

cusrmgr -u Administrator -P bigsecret -m \\DC4

sets a particular password—in this case, the command sets the Administrator account's password to bigsecret. For an explanation of how to use Cusrmgr in a batch file to change the password on multiple computers, see Sean Daily, Daily Answers, April 2002, InstantDoc ID 24210.

^^^^ ^^^