Previous Topic: segracex Utility—Check Password Expiry on UNIXNext Topic: seini Utility—Manage Configuration Files


SegraceW Utility—Check Password Expiry on Windows

Valid on Windows

This Windows GUI grace utility checks whether the user's password has expired and/or the user has a grace login count. If it has, SegraceW displays a window in which the user can replace the password.

SegraceW can be executed as a standalone module in a non-CA ControlMinder environment. This enables you to apply this utility on any workstation in a domain.

SegraceW tries to connect first to the primary domain controller (in an NT 4.0 environment). SegraceW looks for backup domain controllers only if the attempted connection fails. In a Windows 2000 or later environment, SegraceW tries to connect to the first domain controller it finds.

Note: If a remote host is specified explicitly in the SegraceW execution options, then SegraceW connects only to the remote host.

The SegraceW utility is designed to be called from login batch files located at Domain Controller's NETLOGON share.

The SegraceW utility checks whether the user password has expired and/or the user has a grace login count.

Note: For segraceW implementation in a domain environment,you must install MS VC++ 2005 Redistributable to the member server. The installation must be equivalent to the CA ControlMinder installation on the remote server.

If the grace login count attribute of the user exists, then:

If the user does not have a grace login count, SegraceW checks password expiration status.

When changing the password, SegraceW displays a ”change password” message that asks the user to provide the old password, the new password, and confirm the new password.

After passing confirmation check, the password is updated in the domain controller's SAM database.

This command has the following format:

segracew [d] [-s host]
d

Sets the warning days parameter to be different from the default configured in the server.

-s host

Connects to the specified remote or local host to retrieve information.

Note: Before you can connect to a remote host, copy the encryption library from the remote host to the local host and rename it to defence.dll.