1

How to create windows user using some command line tool or windows API or .NET without hard-coding the password, I need a way to create a user with some password without actually knowing this password, (The program knows only its hash for example).

For example:

Any method to create a windows user with a spicific password will be like this:

UsersUtil.CreateUser("username", "SpIcif1c_Passw0rd");

I need an the code to be like this:

UsersUtil.CreateUser("username", "7604905d86ed36b69a657366e5b5c35f");
//"7604905d86ed36b69a657366e5b5c35f" is the hash for SpIcif1c_Passw0rd for example

I need the code of this CreateUser method or something similar!!

Improve this question
24
  • If you down-voted please say why! Commented Nov 27, 2013 at 16:34
  • Not the downvoter, but there's very little research effort, and kind of unclear what you're asking. What have you tried? Where are you running into problems? stackoverflow.com/questions/384304/… seems like it addresses a lot of how to create an account. Commented Nov 27, 2013 at 16:37
  • My problem is not with creating the user, my problem us how to create it without hard-coding the password, there is thousands of ways to create a windows user programmatially, but you need to put the password as clear text. Commented Nov 27, 2013 at 16:39
  • @StevenV is it more clear now :) Commented Nov 27, 2013 at 16:46
  • 2
    @IInspectable: all he needs to know is the password hash for whatever algorithm the Windows SAM uses (MD5 IIRC). So there's really no reason in principle why this couldn't be possible, although AFAIK Windows provides no supported way to do it. It's a fair question. Commented Nov 28, 2013 at 7:05

1 Answer 1

Reset to default
1

Unfortunately, there are two problems with this:

  1. To the best of my knowledge Windows doesn't provide any supported mechanism. It might be possible to do this by manipulating the SAM directly, but there's no guarantee that what works today will work tomorrow.

  2. In Windows, the password hash is a password-equivalent, i.e., anyone who knows the hash can (under certain circumstances) access the account as if he or she had the password. So using the hash rather than the password doesn't actually give you the security benefit you're presumably aiming for. (Google "pass the hash" for more information.)

If you post another question describing your scenario, we may be able to suggest alternative approaches, though I'm afraid this is typically an awkward problem to solve. Or, if you prefer, you can email me directly (see my profile for contact details) and I may be able to help.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

All I was trying to do is to solve hardcoded passwords problem in some legacy code, I have found some workarounds.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.