Member Avatar for Cosmocrazy

At my school, there are many, many computers. Many of them are binded to a domain controller. This allows every student to have their own account and their own home directory. The problem is that there is a public account. This means that most of the students don't even know about, let alone use, their domain accounts. Every time they log onto the computer, they get the desktop, documents, and other junk of all the people before that person. I cannot stand to see this happen. It's as if the domain controller doesn't exist. A very valuable resource is going to waste.

The reason for the public account, as explained to me by my school's administrator, is to prevent the overwhelming number of password reset requests he would receive if there was no public account. My question is: what is the best way to implement automated password resets? I know how to change a domain account password with a .bat file, but I don't know how I would pass parameters to it (by e-mail maybe?) and I also don't know how I would verify the source of the request. Please help me, as I'm sure this is nothing new for other administrators. I would greatly appreciate your help.

  • 5 Contributors
  • 5 Replies
  • 2K Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by MidiMagic

Recommended Answers

All 5 Replies

Member Avatar for HoustonIT

Have you thought about just giving each user a password and set their account to "user cannot change password".

Member Avatar for itdupuis

This means that most of the students don't even know about, let alone use, their domain accounts. Every time they log onto the computer, they get the desktop, documents, and other junk of all the people before that person.


Ok, I am a bit confused. Are you saying that they are using the public account, or are not using the public account (what you said might make perfect sense, but I have had a long day at work!!). If they are using a public account just have the password change periodically on that account--if you are not wanting them to access the public account. If you are wanting them each to utilize a personal account, as HoustonIT has said, give them each usernames/passwords. I also work for a school and we have it set up that password change requests come directly to the I.T. department. This saves from administration being annoyed by the process. Also you do have to have control settings in place or little Jimmy Forget A Lot will knock on your door every tuesday and thursday for a password change. Like they can only request one password change per month....if they lose their password, they lose their computer privelage. Just some ideas, good luck!

Member Avatar for Cosmocrazy

Thanks for the replies.

When I said that they don't use their domain accounts, I meant that everyone in the school uses one public account and 75% of them don't even know that they have personal accounts.

I also work for a school and we have it set up that password change requests come directly to the I.T. department. This saves from administration being annoyed by the process. Also you do have to have control settings in place or little Jimmy Forget A Lot will knock on your door every tuesday and thursday for a password change. Like they can only request one password change per month....if they lose their password, they lose their computer privelage.

That's exactly the reason there's a public account: to prevent password reset requests. And restricting the amount of password resets they can have per month is not an option. That's why I'm looking for a solution. I know there are online services, but those cost quite a lot of money, so I'm wondering if anyone has a better solution.

Member Avatar for bobbyraw

you can use active directory to manage all the user and set password restriction such as reset or expires after a few months, weeks or days. this would mean you would get calls to the IT department for password reset. there is no way around that if you use AD. as for the public account i am assuming it is not password protected. so any student can log on. there is no way around this either because each user can set the desktop the way they want. the only option for this is to lock out certain features that when the user sign on they cannot change. here you can set restriction throught the domain controller ( AD) or on each individual computer. ( you can use a bat file or script to accomplish this).

Member Avatar for MidiMagic

We have Deep Freeze on our desktops. If the computer is rebooted, or if it sits idle for two hours, everything students put on it is removed, and the computer is restored to standard configuration.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.