AdminAdd.nlm

Copyright (c) 2001 by Russell Petersen  All Rights Reserved.
petersen@lanline.com
http://home.cyburban.com/~petersen/

This program may be freely distributed, provided it is not modified and is
accompanied by this readme file, unmodified.

Warning:
There is no warranty for this program, not even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  In no event shall I be
liable for any damages of any kind arising out of use of this program.

AdminAdd is an NLM that creates an NDS user object with Supervisor rights to the
[Root] of the NDS tree.  AdminAdd can also be used to unlock an existing
user by specifying that user.  AdminAdd must be run on a server that has either
the master replica or a read-write replica of the [Root] partition.  It is
strongly recommended that you try this program in a test environment first.
Although I have run this program successfully on test servers and in a
production environment, I haven't run it on yours.

To run this program on a Novell NetWare 4.x or 5.x file server, type
  load adminadd <Username> <Password>
For Username it is necessary to specify the full context username, including
the preceding period.  For example:
  load adminadd newuser password
would fail, whereas
  load adminadd .newuser.context password
would work, assuming a valid context.

AdminAdd will create the user object Username, grant the user Supervisor rights
to the [Root] and set the user's password.

If the user already exists, the existing user is granted Supervisor rights to
the [Root] and the user's password is changed to the one specified.  AdminAdd
also removes the following restrictions that could possibly prevent the user
from logging in:
  Intruder lockout
  Login disabled
  Maximum simultaneous logins
  Login time restrictions
  Expiration time
  Network address restrictions
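
Added example (not part of the original readme or of AdminAdd): one way to spot
the changes described above is to compare two snapshots of user objects taken at
different times.  The snapshot layout, the field names (root_supervisor,
pw_changed, restrictions) and the sample users are assumptions constructed for
illustration.

```python
# Added example: detect the changes this readme attributes to AdminAdd by
# comparing two snapshots of user objects. Snapshot layout is an assumption.
RESTRICTIONS = (
    "Intruder lockout", "Login disabled", "Maximum simultaneous logins",
    "Login time restrictions", "Expiration time",
    "Network address restrictions",
)

def audit(before, after):
    """Return one finding per user that newly holds Supervisor on [Root]."""
    findings = []
    for name, now in sorted(after.items()):
        old = before.get(name)
        if not now.get("root_supervisor"):
            continue
        if old is not None and old.get("root_supervisor"):
            continue  # already a [Root] supervisor in the earlier snapshot
        old_r = old.get("restrictions", {}) if old is not None else {}
        now_r = now.get("restrictions", {})
        findings.append({
            "user": name,
            "new_object": old is None,
            # restrictions that were active before and are gone now
            "cleared": [r for r in RESTRICTIONS
                        if old_r.get(r) and not now_r.get(r)],
            "password_changed": old is not None
                                and old.get("pw_changed") != now.get("pw_changed"),
        })
    return findings

# Constructed sample snapshots (not taken from a real tree).
ADMIN = {"root_supervisor": True, "pw_changed": "2001-01-10", "restrictions": {}}
BEFORE = {
    ".admin.acme": ADMIN,
    ".jdoe.sales.acme": {
        "root_supervisor": False, "pw_changed": "2001-02-01",
        "restrictions": {"Intruder lockout": True,
                         "Login time restrictions": True}},
}
AFTER = {
    ".admin.acme": ADMIN,
    ".jdoe.sales.acme": {
        "root_supervisor": True, "pw_changed": "2001-04-02", "restrictions": {}},
    ".newuser.context": {
        "root_supervisor": True, "pw_changed": "2001-04-02", "restrictions": {}},
}

if __name__ == "__main__":
    for finding in audit(BEFORE, AFTER):
        print(finding)
```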

To those people who consider this program a security risk:  This program
requires access to the console of your file server, either by rconsole, or
direct access to your server.  If untrusted individuals have such access to
your server, it is NOT secure.  Perhaps this program will serve to remove any
delusions you might have as to the security of your server.  Based on the 
posting below I must add that if a user has console operator rights they 
could use the NWSMLoadNLM function to run this program remotely.  But 
untrusted users shouldn't have console operator rights to begin with.

From: nospam (nospam@adm.unige.ch)
Subject: Re: adminadd.nlm - Creates an admin account or unlock existing account
Newsgroups: comp.os.netware.misc
Date: 2001-04-02 01:02:03 PST

adminadd.zip::readme.txt : addendum :

Security warning : Once the NLM is on the server's filesystem, OPERATOR or [S]
right to the fileserver is enough to remotely run it. Even if physical access
to the server is enforced, it would be compromised.

