Article ID: 177200 - Last Review: March 21, 2005 - Revision: 4.3

How To Programmatically Change Network Password Under Windows 95, Windows 98, Windows Me

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
This article was previously published under Q177200

On This Page

Expand all | Collapse all

SUMMARY

If you want to design your application to implement its own routine to change domain passwords on Microsoft Windows 95, Windows 98, Windows Millennium Edition (Me) you have several methods available to you, each one of which has limitations on functionality, portability, or security. This article describes two of these methods in detail.
Back to the top

MORE INFORMATION

Method 1

Dynamically load the 32-bit API PwdChangePassword() from Mpr.dll and it will successfully change passwords. However, it will display a non- customizable dialog box to prompt the user for password information. If you want your application to have its own interface for changing passwords, you cannot use this API.

NOTE: PwdChangePassword() is the only interface that will change the Windows password as well as your network password.

The following sample code demonstrates how to use PwdChangePassword.
Back to the top

Sample Code

   //////////////////////////////////// 
   #include <windows.h>
   #include <stdio.h>
   #include "pwdspi.h"// Found in July 96 DDK otherwise define as follows

   #ifndef PS_SYNCMASTERPWD //if pwdspi.h is not present
   #define PS_SYNCMASTERPWD         0x03
   #define PS_SYNCMASTERPWD_OFF     0x00
   #define PS_SYNCMASTERPWD_ON      0x01

   // Function definition of PwdChangePassword and helper struct for
   // Windows 95. Helper structure (also found in pwdspi.h)
   typedef struct _CHANGEPWDINFO{
      LPTSTR lpUsername;
      LPTSTR lpPassword;
      DWORD cbPassword;
   } CHANGEPWDINFO, FAR *LPCHANGEPWDINFO;
   #endif

   // Function definitions:
   typedef DWORD
    (APIENTRY *LPPwdChangePassword)(LPCTSTR,HWND,DWORD,LPCHANGEPWDINFO);
   typedef DWORD (APIENTRY *LPPwdSetPasswordStatus)(LPCSTR,DWORD,DWORD);

   // Function to display error messages upon API failure
   void DisplayError(char *pszAPI);

   void main()
   {
   CHANGEPWDINFO   s = {NULL,NULL,0}; // initialize struct to empty.
   LPPwdChangePassword sPwdChangePassword;
   LPPwdSetPasswordStatus sPwdSetPasswordStatus;
   DWORD   res = 0;
   DWORD   cbUserName = 250;
   HINSTANCE   lib = LoadLibrary("MPR.DLL");

   if (lib == NULL)
        DisplayError("LoadLibrary");

   // To synchronize network provider password with windows password we
   // need to call PwdSetPasswordStatus. By synchronizing the network
   // provider password we avoid having to change each password separately.
   // Network providers listed in registry at:
   // HKLM/System\CurrentControlSet\Control\PwdProvider

   // Get address of PwdGetPasswordStatus
   sPwdSetPasswordStatus =
      (LPPwdSetPasswordStatus) GetProcAddress(lib,"PwdSetPasswordStatusA");
   if (sPwdSetPasswordStatus == NULL)
      DisplayError("GetProcAddress");

   res = sPwdSetPasswordStatus("MSNP32", // name of password provider
                               PS_SYNCMASTERPWD,
                               PS_SYNCMASTERPWD_ON
                               );
   if (res != WN_SUCCESS)
        DisplayError("PwdSetPasswordStatus");

   // Must get PwdChangePasswordA because in Windows 95 we are using the
   // ascii version of the exported function
   sPwdChangePassword =
      (LPPwdChangePassword) GetProcAddress(lib,"PwdChangePasswordA");

   // Call sPwdChangePassword specifying NULL as network provider.
   // This causes windows (non-network) password to be changed and hence
   // all synchronized passwords.
   res = sPwdChangePassword(    NULL, // Network provider
                                GetDesktopWindow(), //Window to own dialog
                                0,  // No special flag
                                &s  // Address of CHANGEPWDINFO structure
                                );
   if (res != WN_SUCCESS)
        DisplayError("PwdChangePassword");

   FreeLibrary(lib);
   printf("Password = %s\n",s.lpPassword);

   return;
   }

   void DisplayError(char *pszAPI)
   {
   LPVOID lpvMessageBuffer;

   FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM,
                 NULL, GetLastError(),
                 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                 (LPTSTR)&lpvMessageBuffer, 0, NULL);

   //... now display this string
   printf("ERROR: API        = %s.\n", pszAPI);
   printf("       error code = %d.\n", GetLastError());
   printf("       message    = %s.\n", (char *)lpvMessageBuffer);

   // Free the buffer allocated by the system
   LocalFree(lpvMessageBuffer);
   ExitProcess(GetLastError());
   }
Back to the top

Method 2

A relatively easy way to change passwords under Windows 95, Windows 98, and Windows Me is to have a server process running on a Windows NT server that creates a named pipe to which the operating system client can connect. The Windows NT Server calls the ImpersonateNamedPipeClient() API and get the Windows 95 user's domain name and user name.

The Client then sends the password information to the Windows NT process which can then call the NetUserChangePassword() API. The restrictions to this design are that you need a process running on a Windows NT Server, and that sending the password information over a network poses a security risk. To increase the level of security, you can encrypt the password before sending it over the network. For more information on encryption see the Crypto API documentation in the Win32 SDK. Furthermore, this method changes the network password only, not the Windows Logon Password. You can only change the Windows Logon Password by implementing Option 1 above. This means that the Windows Password and the Network passwords are not be synchronized. As a result, the user has to enter both passwords when logging onto Windows 95, Windows 98, and Windows Me.

NOTE: You should not use the 16-bit Lan Manager API NetUserChangePassword(). This API changes the password to all uppercase characters and then sends the username and password combination across the network in non-encrypted clear text form. This is not only a security risk, it may also invalidate the original password by modifying changing it to an all uppercase version that may no longer be valid if the server applies password filtering.
Back to the top
APPLIES TO
  • Microsoft Win32 Application Programming Interface, when used with:
    • Microsoft Windows 95
    • Microsoft Windows 98 Standard Edition
    • Microsoft Windows Millennium Edition
Back to the top
Keywords: 
kbapi kbfaq kbhowto kbkernbase kbnetwork kbsecurity KB177200
Back to the top
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations