Prev: Filesystemwatcher file owner and filename length issue
Next: Vb.net 2008 - System.data.enumerablerowcollection(of system.data.datarow)convert to string???
From: Johann Meier on 25 Nov 2009 20:35 Hello, our company has developed a setup assistent for our Products (it starts the Setup file of the Client Software, installs and configures a SQL-Express Database Server instance for our product and attaches the Database of our product to the sql-server instance). All parameters (such as SQL-Server instance name or the name of the Database) are currently completely validated inside the Setup asssistent to prevent a crash of the SQL-Server setup while running with the /QS parameter (shows progress UI but prevents user interaction). Today we noticed that the MS-SQL Server Setup fails when the password passed by the command line does not match to the password policy of the domain controller. I see two possible way's to solve this problem: 1. There is a way to disable the password check against the security policy (local/domain) by command line (I have found posts of other peoples with the same problem, but in none of the threads someone was able to provide a solution for this problem) 2. We integrate the same security check of the password against the security policy of the system/domain into the validation mechanisms of our setup assistent to prevent the user from typing in an invalid password. I already googled about this topic and have found the following page: http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/thread/a378359c-388d-4dbb-919f-73ec10025f56/ It looks like the SQL-Server uses the API Procedure "NetValidatePasswordPolicy" to validate passwords against the domain policy. The documentation of the Procedure was not very helpful for me. For example the procedure has three modes of operation (NetValidateAuthentication, NetValidatePasswordChange, NetValidatePasswordReset) and I have no idea which mode I have to use for performing the same password check as the SQL-Server Setup is doing it. And even when I knew it, I have no idea how to construct the convoluted data structures the procedure is expecting as input parameter. I would be very thankful for any ideas how to get this to work. Greetings from Germany, Johann
From: Bastian Krauß on 2 Dec 2009 08:30
Hi, > It looks like the SQL-Server uses the API Procedure > "NetValidatePasswordPolicy" to validate passwords against the domain > policy. The documentation of the Procedure was not very helpful for me. > For example the procedure has three modes of operation > (NetValidateAuthentication, NetValidatePasswordChange, > NetValidatePasswordReset) and I have no idea which mode I have to use > for performing the same password check as the SQL-Server Setup is doing > it. And even when I knew it, I have no idea how to construct the > convoluted data structures the procedure is expecting as input parameter. our company had a similar Problem. We solved it with an unmanaged C++ Wrapper. 1. Create an new "Visual C++ > CLR > Class library" Project in your Visual Studio 2008. 2. Rename the Class that was included in the template to "PasswordValidator" (Rename the .h and the .cpp file) 3. Paste following code to the .h file: // PasswordValidator.h #pragma once using namespace System; namespace isadpvl { public ref class PasswordValidator { public :int ValidatePassword(System::String ^paramPassword) { pin_ptr<const wchar_t> wchDomain = PtrToStringChars(paramPassword); size_t convertedCharsPassword = 0; size_t sizeInBytesPassword = ((paramPassword->Length + 1) * 2); errno_t errPassword = 0; char *chPassword = (char *)malloc(sizeInBytesPassword); errPassword = wcstombs_s(&convertedCharsPassword, chPassword, sizeInBytesPassword, wchDomain, sizeInBytesPassword); if (errPassword != 0) throw gcnew Exception("Passwort konnte nicht konvertiert werden"); // first, find out the required buffer size, in wide characters int nPasswordSize = MultiByteToWideChar(CP_ACP, 0, chPassword, -1, NULL, 0); LPWSTR wPassword = new WCHAR[nPasswordSize]; // call again to make the conversion MultiByteToWideChar(CP_ACP, 0, chPassword, -1, wPassword, nPasswordSize); NET_API_STATUS stat; NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG InputArg = {0}; NET_VALIDATE_OUTPUT_ARG* pOutputArg = NULL; wchar_t* wzServer = 0; //wchar_t wzPwd = chPassword; InputArg.ClearPassword = wPassword; InputArg.PasswordMatch = TRUE; stat = NetValidatePasswordPolicy(wzServer, NULL, NetValidatePasswordChange, &InputArg, (void**)&pOutputArg); NET_API_STATUS intStatus = pOutputArg->ValidationStatus; NetValidatePasswordPolicyFree((void**)&pOutputArg); delete []wPassword; return intStatus; } }; } 4. Paste following code to the .cpp file: #include "stdafx.h" #include <windows.h> #include <lm.h> #include <stdio.h> #include < vcclr.h > #pragma comment(lib, "Netapi32.lib") #include "PasswordValidator.h" 6. Compile the code for 32 and 64 bit in release mode and copy the two dlls to the directory of your binary (in our case isadpvl32.dll and isadpvl64.dll) 5. Create in your VB.NET Project a new Class with the name Win2k3AndHigherPasswordValidator and insert following code. Imports System.IO Imports System.Reflection Namespace PasswordValidators Public Class Win2k3AndHigherPasswordValidator Private prvInnerValidator As Object #Region "Result Enum" Private Enum enmResult NERR_Success = 0 ' <summary> 2100 - The base code for network errors. </summary> NERR_Base = 2100 ' <summary> 2102 - The workstation driver is not installed. </summary> NERR_NetNotStarted = 2102 ' <summary> 2103 - The server could not be located. </summary> NERR_UnknownServer = 2103 ' <summary> 2104 - An internal error occurred. The network cannot access a shared memory segment. </summary> NERR_ShareMem = 2104 ' <summary> 2105 - A network resource shortage occurred. </summary> NERR_NoNetworkResource = 2105 ' <summary> 2106 - This operation is not supported on workstations. </summary> NERR_RemoteOnly = 2106 ' <summary> 2107 - The device is not connected. </summary> NERR_DevNotRedirected = 2107 ' <summary> 2114 - The Server service is not started. </summary> NERR_ServerNotStarted = 2114 ' <summary> 2115 - The queue is empty. </summary> NERR_ItemNotFound = 2115 ' <summary> 2116 - The device or directory does not exist. </summary> NERR_UnknownDevDir = 2116 ' <summary> 2117 - The operation is invalid on a redirected resource. </summary> NERR_RedirectedPath = 2117 ' <summary> 2118 - The name has already been shared. </summary> NERR_DuplicateShare = 2118 ' <summary> 2119 - The server is currently out of the requested resource. </summary> NERR_NoRoom = 2119 ' <summary> 2121 - Requested addition of items exceeds the maximum allowed. </summary> NERR_TooManyItems = 2121 ' <summary> 2122 - The Peer service supports only two simultaneous users. </summary> NERR_InvalidMaxUsers = 2122 ' <summary> 2123 - The API return buffer is too small. </summary> NERR_BufTooSmall = 2123 ' <summary> 2127 - A remote API error occurred. </summary> NERR_RemoteErr = 2127 ' <summary> 2131 - An error occurred when opening or reading the configuration file. </summary> NERR_LanmanIniError = 2131 ' <summary> 2136 - A general network error occurred. </summary> NERR_NetworkError = 2136 ' <summary> 2137 - The Workstation service is in an inconsistent state. Restart the computer before restarting the Workstation service. </summary> NERR_WkstaInconsistentState = 2137 ' <summary> 2138 - The Workstation service has not been started. </summary> NERR_WkstaNotStarted = 2138 ' <summary> 2139 - The requested information is not available. </summary> NERR_BrowserNotStarted = 2139 ' <summary> 2140 - An internal error occurred. </summary> NERR_InternalError = 2140 ' <summary> 2141 - The server is not configured for transactions. </summary> NERR_BadTransactConfig = 2141 ' <summary> 2142 - The requested API is not supported on the remote server. </summary> NERR_InvalidAPI = 2142 ' <summary> 2143 - The event name is invalid. </summary> NERR_BadEventName = 2143 ' <summary> 2144 - The computer name already exists on the network. Change it and restart the computer. </summary> NERR_DupNameReboot = 2144 ' <summary> 2146 - The specified component could not be found in the configuration information. </summary> NERR_CfgCompNotFound = 2146 ' <summary> 2147 - The specified parameter could not be found in the configuration information. </summary> NERR_CfgParamNotFound = 2147 ' <summary> 2149 - A line in the configuration file is too long. </summary> NERR_LineTooLong = 2149 ' <summary> 2150 - The printer does not exist. </summary> NERR_QNotFound = 2150 ' <summary> 2151 - The print job does not exist. </summary> NERR_JobNotFound = 2151 ' <summary> 2152 - The printer destination cannot be found. </summary> NERR_DestNotFound = 2152 ' <summary> 2153 - The printer destination already exists. </summary> NERR_DestExists = 2153 ' <summary> 2154 - The printer queue already exists. </summary> NERR_QExists = 2154 ' <summary> 2155 - No more printers can be added. </summary> NERR_QNoRoom = 2155 ' <summary> 2156 - No more print jobs can be added. </summary> NERR_JobNoRoom = 2156 ' <summary> 2157 - No more printer destinations can be added. </summary> NERR_DestNoRoom = 2157 ' <summary> 2158 - This printer destination is idle and cannot accept control operations. </summary> NERR_DestIdle = 2158 ' <summary> 2159 - This printer destination request contains an invalid control function. </summary> NERR_DestInvalidOp = 2159 ' <summary> 2160 - The print processor is not responding. </summary> NERR_ProcNoRespond = 2160 ' <summary> 2161 - The spooler is not running. </summary> NERR_SpoolerNotLoaded = 2161 ' <summary> 2162 - This operation cannot be performed on the print destination in its current state. </summary> NERR_DestInvalidState = 2162 ' <summary> 2163 - This operation cannot be performed on the printer queue in its current state. </summary> NERR_QinvalidState = 2163 ' <summary> 2164 - This operation cannot be performed on the print job in its current state. </summary> NERR_JobInvalidState = 2164 ' <summary> 2165 - A spooler memory allocation failure occurred. </summary> NERR_SpoolNoMemory = 2165 ' <summary> 2166 - The device driver does not exist. </summary> NERR_DriverNotFound = 2166 ' <summary> 2167 - The data type is not supported by the print processor. </summary> NERR_DataTypeInvalid = 2167 ' <summary> 2168 - The print processor is not installed. </summary> NERR_ProcNotFound = 2168 ' <summary> 2180 - The service database is locked. </summary> NERR_ServiceTableLocked = 2180 ' <summary> 2181 - The service table is full. </summary> NERR_ServiceTableFull = 2181 ' <summary> 2182 - The requested service has already been started. </summary> NERR_ServiceInstalled = 2182 ' <summary> 2183 - The service does not respond to control actions. </summary> NERR_ServiceEntryLocked = 2183 ' <summary> 2184 - The service has not been started. </summary> NERR_ServiceNotInstalled = 2184 ' <summary> 2185 - The service name is invalid. </summary> NERR_BadServiceName = 2185 ' <summary> 2186 - The service is not responding to the control function. </summary> NERR_ServiceCtlTimeout = 2186 ' <summary> 2187 - The service control is busy. </summary> NERR_ServiceCtlBusy = 2187 ' <summary> 2188 - The configuration file contains an invalid service program name. </summary> NERR_BadServiceProgName = 2188 ' <summary> 2189 - The service could not be controlled in its present state. </summary> NERR_ServiceNotCtrl = 2189 ' <summary> 2190 - The service ended abnormally. </summary> NERR_ServiceKillProc = 2190 ' <summary> 2191 - The requested pause or stop is not valid for this service. </summary> NERR_ServiceCtlNotValid = 2191 ' <summary> 2192 - The service control dispatcher could not find the service name in the dispatch table. </summary> NERR_NotInDispatchTbl = 2192 ' <summary> 2193 - The service control dispatcher pipe read failed. </summary> NERR_BadControlRecv = 2193 ' <summary> 2194 - A thread for the new service could not be created. </summary> NERR_ServiceNotStarting = 2194 ' <summary> 2200 - This workstation is already logged on to the local-area network. </summary> NERR_AlreadyLoggedOn = 2200 ' <summary> 2201 - The workstation is not logged on to the local-area network. </summary> NERR_NotLoggedOn = 2201 ' <summary> 2202 - The user name or group name parameter is invalid. </summary> NERR_BadUsername = 2202 ' <summary> 2203 - The password parameter is invalid. </summary> NERR_BadPassword = 2203 ' <summary> 2204 - @W The logon processor did not add the message alias. </summary> NERR_UnableToAddName_W = 2204 ' <summary> 2205 - The logon processor did not add the message alias. </summary> NERR_UnableToAddName_F = 2205 ' <summary> 2206 - @W The logoff processor did not delete the message alias. </summary> NERR_UnableToDelName_W = 2206 ' <summary> 2207 - The logoff processor did not delete the message alias. </summary> NERR_UnableToDelName_F = 2207 ' <summary> 2209 - Network logons are paused. </summary> NERR_LogonsPaused = 2209 ' <summary> 2210 - A centralized logon-server conflict occurred. </summary> NERR_LogonServerConflict = 2210 ' <summary> 2211 - The server is configured without a valid user path. </summary> NERR_LogonNoUserPath = 2211 ' <summary> 2212 - An error occurred while loading or running the logon script. </summary> NERR_LogonScriptError = 2212 ' <summary> 2214 - The logon server was not specified. Your computer will be logged on as STANDALONE. </summary> NERR_StandaloneLogon = 2214 ' <summary> 2215 - The logon server could not be found. </summary> NERR_LogonServerNotFound = 2215 ' <summary> 2216 - There is already a logon domain for this computer. </summary> NERR_LogonDomainExists = 2216 ' <summary> 2217 - The logon server could not validate the logon. </summary> NERR_NonValidatedLogon = 2217 ' <summary> 2219 - The security database could not be found. </summary> NERR_ACFNotFound = 2219 ' <summary> 2220 - The group name could not be found. </summary> NERR_GroupNotFound = 2220 ' <summary> 2221 - The user name could not be found. </summary> NERR_UserNotFound = 2221 ' <summary> 2222 - The resource name could not be found. </summary> NERR_ResourceNotFound = 2222 ' <summary> 2223 - The group already exists. </summary> NERR_GroupExists = 2223 ' <summary> 2224 - The user account already exists. </summary> NERR_UserExists = 2224 ' <summary> 2225 - The resource permission list already exists. </summary> NERR_ResourceExists = 2225 ' <summary> 2226 - This operation is only allowed on the primary domain controller of the domain. </summary> NERR_NotPrimary = 2226 ' <summary> 2227 - The security database has not been started. </summary> NERR_ACFNotLoaded = 2227 ' <summary> 2228 - There are too many names in the user accounts database. </summary> NERR_ACFNoRoom = 2228 ' <summary> 2229 - A disk I/O failure occurred. </summary> NERR_ACFFileIOFail = 2229 ' <summary> 2230 - The limit of 64 entries per resource was exceeded. </summary> NERR_ACFTooManyLists = 2230 ' <summary> 2231 - Deleting a user with a session is not allowed. </summary> NERR_UserLogon = 2231 ' <summary> 2232 - The parent directory could not be located. </summary> NERR_ACFNoParent = 2232 ' <summary> 2233 - Unable to add to the security database session cache segment. </summary> NERR_CanNotGrowSegment = 2233 ' <summary> 2234 - This operation is not allowed on this special group. </summary> NERR_SpeGroupOp = 2234 ' <summary> 2235 - This user is not cached in user accounts database session cache. </summary> NERR_NotInCache = 2235 ' <summary> 2236 - The user already belongs to this group. </summary> NERR_UserInGroup = 2236 ' <summary> 2237 - The user does not belong to this group. </summary> NERR_UserNotInGroup = 2237 ' <summary> 2238 - This user account is undefined. </summary> NERR_AccountUndefined = 2238 ' <summary> 2239 - This user account has expired. </summary> NERR_AccountExpired = 2239 ' <summary> 2240 - The user is not allowed to log on from this workstation. </summary> NERR_InvalidWorkstation = 2240 ' <summary> 2241 - The user is not allowed to log on at this time. </summary> NERR_InvalidLogonHours = 2241 ' <summary> 2242 - The password of this user has expired. </summary> NERR_PasswordExpired = 2242 ' <summary> 2243 - The password of this user cannot change. </summary> NERR_PasswordCantChange = 2243 ' <summary> 2244 - This password cannot be used now. </summary> NERR_PasswordHistConflict = 2244 ' <summary> 2245 - The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. </summary> NERR_PasswordTooShort = 2245 ' <summary> 2246 - The password of this user is too recent to change. </summary> NERR_PasswordTooRecent = 2246 ' <summary> 2247 - The security database is corrupted. </summary> NERR_InvalidDatabase = 2247 ' <summary> 2248 - No updates are necessary to this replicant network/local security database. </summary> NERR_DatabaseUpToDate = 2248 ' <summary> 2249 - This replicant database is outdated synchronization is required. </summary> NERR_SyncRequired = 2249 ' <summary> 2250 - The network connection could not be found. </summary> NERR_UseNotFound = 2250 ' <summary> 2251 - This asg_type is invalid. </summary> NERR_BadAsgType = 2251 ' <summary> 2252 - This device is currently being shared. </summary> NERR_DeviceIsShared = 2252 ' <summary> 2270 - The computer name could not be added as a message alias. The name may already exist on the network. </summary> NERR_NoComputerName = 2270 ' <summary> 2271 - The Messenger service is already started. </summary> NERR_MsgAlreadyStarted = 2271 ' <summary> 2272 - The Messenger service failed to start. </summary> NERR_MsgInitFailed = 2272 ' <summary> 2273 - The message alias could not be found on the network. </summary> NERR_NameNotFound = 2273 ' <summary> 2274 - This message alias has already been forwarded. </summary> NERR_AlreadyForwarded = 2274 ' <summary> 2275 - This message alias has been added but is still forwarded. </summary> NERR_AddForwarded = 2275 ' <summary> 2276 - This message alias already exists locally. </summary> NERR_AlreadyExists = 2276 ' <summary> 2277 - The maximum number of added message aliases has been exceeded. </summary> NERR_TooManyNames = 2277 ' <summary> 2278 - The computer name could not be deleted. </summary> NERR_DelComputerName = 2278 ' <summary> 2279 - Messages cannot be forwarded back to the same workstation. </summary> NERR_LocalForward = 2279 ' <summary> 2280 - An error occurred in the domain message processor. </summary> NERR_GrpMsgProcessor = 2280 ' <summary> 2281 - The message was sent, but the recipient has paused the Messenger service. </summary> NERR_PausedRemote = 2281 ' <summary> 2282 - The message was sent but not received. </summary> NERR_BadReceive = 2282 ' <summary> 2283 - The message alias is currently in use. Try again later. </summary> NERR_NameInUse = 2283 ' <summary> 2284 - The Messenger service has not been started. </summary> NERR_MsgNotStarted = 2284 ' <summary> 2285 - The name is not on the local computer. </summary> NERR_NotLocalName = 2285 ' <summary> 2286 - The forwarded message alias could not be found on the network. </summary> NERR_NoForwardName = 2286 ' <summary> 2287 - The message alias table on the remote station is full. </summary> NERR_RemoteFull = 2287 ' <summary> 2288 - Messages for this alias are not currently being forwarded. </summary> NERR_NameNotForwarded = 2288 ' <summary> 2289 - The broadcast message was truncated. </summary> NERR_TruncatedBroadcast = 2289 ' <summary> 2294 - This is an invalid device name. </summary> NERR_InvalidDevice = 2294 ' <summary> 2295 - A write fault occurred. </summary> NERR_WriteFault = 2295 ' <summary> 2297 - A duplicate message alias exists on the network. </summary> NERR_DuplicateName = 2297 ' <summary> 2298 - @W This message alias will be deleted later. </summary> NERR_DeleteLater = 2298 ' <summary> 2299 - The message alias was not successfully deleted from all networks. </summary> NERR_IncompleteDel = 2299 ' <summary> 2300 - This operation is not supported on computers with multiple networks. </summary> NERR_MultipleNets = 2300 ' <summary> 2310 - This shared resource does not exist. </summary> NERR_NetNameNotFound = 2310 ' <summary> 2311 - This device is not shared. </summary> NERR_DeviceNotShared = 2311 ' <summary> 2312 - A session does not exist with that computer name. </summary> NERR_ClientNameNotFound = 2312 ' <summary> 2314 - There is not an open file with that identification number. </summary> NERR_FileIdNotFound = 2314 ' <summary> 2315 - A failure occurred when executing a remote administration command. </summary> NERR_ExecFailure = 2315 ' <summary> 2316 - A failure occurred when opening a remote temporary file. </summary> NERR_TmpFile = 2316 ' <summary> 2317 - The data returned from a remote administration command has been truncated to 64K. </summary> NERR_TooMuchData = 2317 ' <summary> 2318 - This device cannot be shared as both a spooled and a non-spooled resource. </summary> NERR_DeviceShareConflict = 2318 ' <summary> 2319 - The information in the list of servers may be incorrect. </summary> NERR_BrowserTableIncomplete = 2319 ' <summary> 2320 - The computer is not active in this domain. </summary> NERR_NotLocalDomain = 2320 ' <summary> 2321 - The share must be removed from the Distributed File System before it can be deleted. </summary> NERR_IsDfsShare = 2321 ' <summary> 2331 - The operation is invalid for this device. </summary> NERR_DevInvalidOpCode = 2331 ' <summary> 2332 - This device cannot be shared. </summary> NERR_DevNotFound = 2332 ' <summary> 2333 - This device was not open. </summary> NERR_DevNotOpen = 2333 ' <summary> 2334 - This device name list is invalid. </summary> NERR_BadQueueDevString = 2334 ' <summary> 2335 - The queue priority is invalid. </summary> NERR_BadQueuePriority = 2335 ' <summary> 2337 - There are no shared communication devices. </summary> NERR_NoCommDevs = 2337 ' <summary> 2338 - The queue you specified does not exist. </summary> NERR_QueueNotFound = 2338 ' <summary> 2340 - This list of devices is invalid. </summary> NERR_BadDevString = 2340 ' <summary> 2341 - The requested device is invalid. </summary> NERR_BadDev = 2341 ' <summary> 2342 - This device is already in use by the spooler. </summary> NERR_InUseBySpooler = 2342 ' <summary> 2343 - This device is already in use as a communication device. </summary> NERR_CommDevInUse = 2343 ' <summary> 2351 - This computer name is invalid. </summary> NERR_InvalidComputer = 2351 ' <summary> 2354 - The string and prefix specified are too long. </summary> NERR_MaxLenExceeded = 2354 ' <summary> 2356 - This path component is invalid. </summary> NERR_BadComponent = 2356 ' <summary> 2357 - Could not determine the type of input. </summary> NERR_CantType = 2357 ' <summary> 2362 - The buffer for types is not big enough. </summary> NERR_TooManyEntries = 2362 ' <summary> 2370 - Profile files cannot exceed 64K. </summary> NERR_ProfileFileTooBig = 2370 ' <summary> 2371 - The start offset is out of range. </summary> NERR_ProfileOffset = 2371 ' <summary> 2372 - The system cannot delete current connections to network resources. </summary> NERR_ProfileCleanup = 2372 ' <summary> 2373 - The system was unable to parse the command line in this file. </summary> NERR_ProfileUnknownCmd = 2373 ' <summary> 2374 - An error occurred while loading the profile file. </summary> NERR_ProfileLoadErr = 2374 ' <summary> 2375 - @W Errors occurred while saving the profile file. The profile was partially saved. </summary> NERR_ProfileSaveErr = 2375 ' <summary> 2377 - Log file %1 is full. </summary> NERR_LogOverflow = 2377 ' <summary> 2378 - This log file has changed between reads. </summary> NERR_LogFileChanged = 2378 ' <summary> 2379 - Log file %1 is corrupt. </summary> NERR_LogFileCorrupt = 2379 ' <summary> 2380 - The source path cannot be a directory. </summary> NERR_SourceIsDir = 2380 ' <summary> 2381 - The source path is illegal. </summary> NERR_BadSource = 2381 ' <summary> 2382 - The destination path is illegal. </summary> NERR_BadDest = 2382 ' <summary> 2383 - The source and destination paths are on different servers. </summary> NERR_DifferentServers = 2383 ' <summary> 2385 - The Run server you requested is paused. </summary> NERR_RunSrvPaused = 2385 ' <summary> 2389 - An error occurred when communicating with a Run server. </summary> NERR_ErrCommRunSrv = 2389 ' <summary> 2391 - An error occurred when starting a background process. </summary> NERR_ErrorExecingGhost = 2391 ' <summary> 2392 - The shared resource you are connected to could not be found. </summary> NERR_ShareNotFound = 2392 ' <summary> 2400 - The LAN adapter number is invalid. </summary> NERR_InvalidLana = 2400 ' <summary> 2401 - There are open files on the connection. </summary> NERR_OpenFiles = 2401 ' <summary> 2402 - Active connections still exist. </summary> NERR_ActiveConns = 2402 ' <summary> 2403 - This share name or password is invalid. </summary> NERR_BadPasswordCore = 2403 ' <summary> 2404 - The device is being accessed by an active process. </summary> NERR_DevInUse = 2404 ' <summary> 2405 - The drive letter is in use locally. </summary> NERR_LocalDrive = 2405 ' <summary> 2430 - The specified client is already registered for the specified event. </summary> NERR_AlertExists = 2430 ' <summary> 2431 - The alert table is full. </summary> NERR_TooManyAlerts = 2431 ' <summary> 2432 - An invalid or nonexistent alert name was raised. </summary> NERR_NoSuchAlert = 2432 ' <summary> 2433 - The alert recipient is invalid. </summary> NERR_BadRecipient = 2433 ' <summary> 2434 - A user's session with this server has been deleted </summary> NERR_AcctLimitExceeded = 2434 ' <summary> 2440 - The log file does not contain the requested record number. </summary> NERR_InvalidLogSeek = 2440 ' <summary> 2450 - The user accounts database is not configured correctly. </summary> NERR_BadUasConfig = 2450 ' <summary> 2451 - This operation is not permitted when the Netlogon service is running. </summary> NERR_InvalidUASOp = 2451 ' <summary> 2452 - This operation is not allowed on the last administrative account. </summary> NERR_LastAdmin = 2452 ' <summary> 2453 - Could not find domain controller for this domain. </summary> NERR_DCNotFound = 2453 ' <summary> 2454 - Could not set logon information for this user. </summary> NERR_LogonTrackingError = 2454 ' <summary> 2455 - The Netlogon service has not been started. </summary> NERR_NetlogonNotStarted = 2455 ' <summary> 2456 - Unable to add to the user accounts database. </summary> NERR_CanNotGrowUASFile = 2456 ' <summary> 2457 - This server's clock is not synchronized with the primary domain controller's clock. </summary> NERR_TimeDiffAtDC = 2457 ' <summary> 2458 - A password mismatch has been detected. </summary> NERR_PasswordMismatch = 2458 ' <summary> 2460 - The server identification does not specify a valid server. </summary> NERR_NoSuchServer = 2460 ' <summary> 2461 - The session identification does not specify a valid session. </summary> NERR_NoSuchSession = 2461 ' <summary> 2462 - The connection identification does not specify a valid connection. </summary> NERR_NoSuchConnection = 2462 ' <summary> 2463 - There is no space for another entry in the table of available servers. </summary> NERR_TooManyServers = 2463 ' <summary> 2464 - The server has reached the maximum number of sessions it supports. </summary> NERR_TooManySessions = 2464 ' <summary> 2465 - The server has reached the maximum number of connections it supports. </summary> NERR_TooManyConnections = 2465 ' <summary> 2466 - The server cannot open more files because it has reached its maximum number. </summary> NERR_TooManyFiles = 2466 ' <summary> 2467 - There are no alternate servers registered on this server. </summary> NERR_NoAlternateServers = 2467 ' <summary> 2470 - Try down-level (remote admin protocol) version of API instead. </summary> NERR_TryDownLevel = 2470 ' <summary> 2480 - The UPS driver could not be accessed by the UPS service. </summary> NERR_UPSDriverNotStarted = 2480 ' <summary> 2481 - The UPS service is not configured correctly. </summary> NERR_UPSInvalidConfig = 2481 ' <summary> 2482 - The UPS service could not access the specified Comm Port. </summary> NERR_UPSInvalidCommPort = 2482 ' <summary> 2483 - The UPS indicated a line fail or low battery situation. Service not started. </summary> NERR_UPSSignalAsserted = 2483 ' <summary> 2484 - The UPS service failed to perform a system shut down. </summary> NERR_UPSShutdownFailed = 2484 ' <summary> 2500 - The program below returned an MS-DOS error code: </summary> NERR_BadDosRetCode = 2500 ' <summary> 2501 - The program below needs more memory: </summary> NERR_ProgNeedsExtraMem = 2501 ' <summary> 2502 - The program below called an unsupported MS-DOS function: </summary> NERR_BadDosFunction = 2502 ' <summary> 2503 - The workstation failed to boot. </summary> NERR_RemoteBootFailed = 2503 ' <summary> 2504 - The file below is corrupt. </summary> NERR_BadFileCheckSum = 2504 ' <summary> 2505 - No loader is specified in the boot-block definition file. </summary> NERR_NoRplBootSystem = 2505 ' <summary> 2506 - NetBIOS returned an error: The NCB and SMB are dumped above. </summary> NERR_RplLoadrNetBiosErr = 2506 ' <summary> 2507 - A disk I/O error occurred. </summary> NERR_RplLoadrDiskErr = 2507 ' <summary> 2508 - Image parameter substitution failed. </summary> NERR_ImageParamErr = 2508 ' <summary> 2509 - Too many image parameters cross disk sector boundaries. </summary> NERR_TooManyImageParams = 2509 ' <summary> 2510 - The image was not generated from an MS-DOS diskette formatted with /S. </summary> NERR_NonDosFloppyUsed = 2510 ' <summary> 2511 - Remote boot will be restarted later. </summary> NERR_RplBootRestart = 2511 ' <summary> 2512 - The call to the Remoteboot server failed. </summary> NERR_RplSrvrCallFailed = 2512 ' <summary> 2513 - Cannot connect to the Remoteboot server. </summary> NERR_CantConnectRplSrvr = 2513 ' <summary> 2514 - Cannot open image file on the Remoteboot server. </summary> NERR_CantOpenImageFile = 2514 ' <summary> 2515 - Connecting to the Remoteboot server... </summary> NERR_CallingRplSrvr = 2515 ' <summary> 2516 - Connecting to the Remoteboot server... </summary> NERR_StartingRplBoot = 2516 ' <summary> 2517 - Remote boot service was stopped check the error log for the cause of the problem. </summary> NERR_RplBootServiceTerm = 2517 ' <summary> 2518 - Remote boot startup failed check the error log for the cause of the problem. </summary> NERR_RplBootStartFailed = 2518 ' <summary> 2519 - A second connection to a Remoteboot resource is not allowed. </summary> NERR_RPL_CONNECTED = 2519 ' <summary> 2550 - The browser service was configured with MaintainServerList=No. </summary> NERR_BrowserConfiguredToNotRun = 2550 ' <summary> 2610 - Service failed to start since none of the network adapters started with this service. </summary> NERR_RplNoAdaptersStarted = 2610 ' <summary> 2611 - Service failed to start due to bad startup information in the registry. </summary> NERR_RplBadRegistry = 2611 ' <summary> 2612 - Service failed to start because its database is absent or corrupt. </summary> NERR_RplBadDatabase = 2612 ' <summary> 2613 - Service failed to start because RPLFILES share is absent. </summary> NERR_RplRplfilesShare = 2613 ' <summary> 2614 - Service failed to start because RPLUSER group is absent. </summary> NERR_RplNotRplServer = 2614 ' <summary> 2615 - Cannot enumerate service records. </summary> NERR_RplCannotEnum = 2615 ' <summary> 2616 - Workstation record information has been corrupted. </summary> NERR_RplWkstaInfoCorrupted = 2616 ' <summary> 2617 - Workstation record was not found. </summary> NERR_RplWkstaNotFound = 2617 ' <summary> 2618 - Workstation name is in use by some other workstation. </summary> NERR_RplWkstaNameUnavailable = 2618 ' <summary> 2619 - Profile record information has been corrupted. </summary> NERR_RplProfileInfoCorrupted = 2619 ' <summary> 2620 - Profile record was not found. </summary> NERR_RplProfileNotFound = 2620 ' <summary> 2621 - Profile name is in use by some other profile. </summary> NERR_RplProfileNameUnavailable = 2621 ' <summary> 2622 - There are workstations using this profile. </summary> NERR_RplProfileNotEmpty = 2622 ' <summary> 2623 - Configuration record information has been corrupted. </summary> NERR_RplConfigInfoCorrupted = 2623 ' <summary> 2624 - Configuration record was not found. </summary> NERR_RplConfigNotFound = 2624 ' <summary> 2625 - Adapter ID record information has been corrupted. </summary> NERR_RplAdapterInfoCorrupted = 2625 ' <summary> 2626 - An internal service error has occurred. </summary> NERR_RplInternal = 2626 ' <summary> 2627 - Vendor ID record information has been corrupted. </summary> NERR_RplVendorInfoCorrupted = 2627 ' <summary> 2628 - Boot block record information has been corrupted. </summary> NERR_RplBootInfoCorrupted = 2628 ' <summary> 2629 - The user account for this workstation record is missing. </summary> NERR_RplWkstaNeedsUserAcct = 2629 ' <summary> 2630 - The RPLUSER local group could not be found. </summary> NERR_RplNeedsRPLUSERAcct = 2630 ' <summary> 2631 - Boot block record was not found. </summary> NERR_RplBootNotFound = 2631 ' <summary> 2632 - Chosen profile is incompatible with this workstation. </summary> NERR_RplIncompatibleProfile = 2632 ' <summary> 2633 - Chosen network adapter ID is in use by some other workstation. </summary> NERR_RplAdapterNameUnavailable = 2633 ' <summary> 2634 - There are profiles using this configuration. </summary> NERR_RplConfigNotEmpty = 2634 ' <summary> 2635 - There are workstations, profiles, or configurations using this boot block. </summary> NERR_RplBootInUse = 2635 ' <summary> 2636 - Service failed to backup Remoteboot database. </summary> NERR_RplBackupDatabase = 2636 ' <summary> 2637 - Adapter record was not found. </summary> NERR_RplAdapterNotFound = 2637 ' <summary> 2638 - Vendor record was not found. </summary> NERR_RplVendorNotFound = 2638 ' <summary> 2639 - Vendor name is in use by some other vendor record. </summary> NERR_RplVendorNameUnavailable = 2639 ' <summary> 2640 - (boot name, vendor ID) is in use by some other boot block record. </summary> NERR_RplBootNameUnavailable = 2640 ' <summary> 2641 - Configuration name is in use by some other configuration. </summary> NERR_RplConfigNameUnavailable = 2641 ' <summary> 2660 - The internal database maintained by the Dfs service is corrupt. </summary> NERR_DfsInternalCorruption = 2660 ' <summary> 2661 - One of the records in the internal Dfs database is corrupt. </summary> NERR_DfsVolumeDataCorrupt = 2661 ' <summary> 2662 - There is no DFS name whose entry path matches the input Entry Path. </summary> NERR_DfsNoSuchVolume = 2662 ' <summary> 2663 - A root or link with the given name already exists. </summary> NERR_DfsVolumeAlreadyExists = 2663 ' <summary> 2664 - The server share specified is already shared in the Dfs. </summary> NERR_DfsAlreadyShared = 2664 ' <summary> 2665 - The indicated server share does not support the indicated DFS namespace. </summary> NERR_DfsNoSuchShare = 2665 ' <summary> 2666 - The operation is not valid on this portion of the namespace. </summary> NERR_DfsNotALeafVolume = 2666 ' <summary> 2667 - The operation is not valid on this portion of the namespace. </summary> NERR_DfsLeafVolume = 2667 ' <summary> 2668 - The operation is ambiguous because the link has multiple servers. </summary> NERR_DfsVolumeHasMultipleServers = 2668 ' <summary> 2669 - Unable to create a link. </summary> NERR_DfsCantCreateJunctionPoint = 2669 ' <summary> 2670 - The server is not Dfs Aware. </summary> NERR_DfsServerNotDfsAware = 2670 ' <summary> 2671 - The specified rename target path is invalid. </summary> NERR_DfsBadRenamePath = 2671 ' <summary> 2672 - The specified DFS link is offline. </summary> NERR_DfsVolumeIsOffline = 2672 ' <summary> 2673 - The specified server is not a server for this link. </summary> NERR_DfsNoSuchServer = 2673 ' <summary> 2674 - A cycle in the Dfs name was detected. </summary> NERR_DfsCyclicalName = 2674 ' <summary> 2675 - The operation is not supported on a server-based Dfs. </summary> NERR_DfsNotSupportedInServerDfs = 2675 ' <summary> 2676 - This link is already supported by the specified server-share. </summary> NERR_DfsDuplicateService = 2676 ' <summary> 2677 - Can't remove the last server-share supporting this root or link. </summary> NERR_DfsCantRemoveLastServerShare = 2677 ' <summary> 2678 - The operation is not supported for an Inter-DFS link. </summary> NERR_DfsVolumeIsInterDfs = 2678 ' <summary> 2679 - The internal state of the Dfs Service has become inconsistent. </summary> NERR_DfsInconsistent = 2679 ' <summary> 2680 - The Dfs Service has been installed on the specified server. </summary> NERR_DfsServerUpgraded = 2680 ' <summary> 2681 - The Dfs data being reconciled is identical. </summary> NERR_DfsDataIsIdentical = 2681 ' <summary> 2682 - The DFS root cannot be deleted. Uninstall DFS if required. </summary> NERR_DfsCantRemoveDfsRoot = 2682 ' <summary> 2683 - A child or parent directory of the share is already in a Dfs. </summary> NERR_DfsChildOrParentInDfs = 2683 ' <summary> 2690 - Dfs internal error. </summary> NERR_DfsInternalError = 2690 ' <summary> 2691 - This machine is already joined to a domain. </summary> NERR_SetupAlreadyJoined = 2691 ' <summary> 2692 - This machine is not currently joined to a domain. </summary> NERR_SetupNotJoined = 2692 ' <summary> 2693 - This machine is a domain controller and cannot be unjoined from a domain. </summary> NERR_SetupDomainController = 2693 ' <summary> 2694 - The destination domain controller does not support creating machine accounts in OUs. </summary> NERR_DefaultJoinRequired = 2694 ' <summary> 2695 - The specified workgroup name is invalid. </summary> NERR_InvalidWorkgroupName = 2695 ' <summary> 2696 - The specified computer name is incompatible with the default language used on the domain controller. </summary> NERR_NameUsesIncompatibleCodePage = 2696 ' <summary> 2697 - The specified computer account could not be found. </summary> NERR_ComputerAccountNotFound = 2697 ' <summary> 2698 - This version of Windows cannot be joined to a domain. </summary> NERR_PersonalSku = 2698 ' <summary> 2701 - The password must change at the next logon. </summary> NERR_PasswordMustChange = 2701 ' <summary> 2702 - The account is locked out. </summary> NERR_AccountLockedOut = 2702 ' <summary> 2703 - The password is too long. </summary> NERR_PasswordTooLong = 2703 ' <summary> 2704 - The password does not meet the complexity policy. </summary> NERR_PasswordNotComplexEnough = 2704 ' <summary> 2705 - The password does not meet the requirements of the password filter DLLs. </summary> NERR_PasswordFilterError = 2705 End Enum #End Region Public Sub New() For Each curModule As String In Directory.GetFiles(ModuleSearchPath, "isadpvl*.dll") Try Dim objAssembly As Assembly = Assembly.LoadFile(curModule) Dim objType As System.Type = objAssembly.GetType("isadpvl.PasswordValidator") If Not objType Is Nothing Then prvInnerValidator = Activator.CreateInstance(objType) prvInnerValidator.ValidatePassword("bla") Exit For End If Catch ex As Exception prvInnerValidator = Nothing Debug.Print("Fehler beim Laden von Validator " & curModule & " : " & ex.ToString) MsgBox("Fehler beim Laden von Validator " & curModule & " : " & ex.ToString, MsgBoxStyle.Critical) End Try Next If prvInnerValidator Is Nothing Then Throw New NotSupportedException("Es wurde keine kompatible Hilfsbibliothek f�r die Validierung von Passw�rtern, unter Ber�cksichtigung der aktuell g�ltigen Dom�nensicherheitsrichtlinien gefunden.") End If End Sub Private ReadOnly Property ModuleSearchPath() As String Get Return Path.GetDirectoryName(Assembly.GetExecutingAssembly.Location) End Get End Property Public Function ValidatePassword(ByVal paramPassword As String, ByRef paramReason As String) As Boolean Try Dim intResult As enmResult = prvInnerValidator.ValidatePassword(paramPassword) Select Case intResult Case enmResult.NERR_Success Return True Case enmResult.NERR_BadPassword paramReason = "Unzul�ssiges Passwort" Return False Case enmResult.NERR_PasswordNotComplexEnough paramReason = "Passwort erf�llt nicht die in der Dom�nensicherheitsrichtlinie hinterlegten Komplexit�tskriterien (Details zu den Sicherheitsvorgaben, f�r die Vergabe von Passw�rtern in Ihrem Unternehmen, erfahren Sie von Ihrem Systemadministrator)" Return False Case enmResult.NERR_PasswordTooLong paramReason = "Passwort ist zu lang" Return False Case enmResult.NERR_PasswordTooShort paramReason = "Passwort ist zu kurz" Return False Case enmResult.NERR_PasswordFilterError paramReason = "Passwort erf�llt nicht die Kriterien der auf dem Dom�nencontroller installierten Passwortfilter" Return False Case Else Dim strVarName As String Try strVarName = [Enum].GetName(GetType(enmResult), intResult) Catch ex As Exception strVarName = Nothing End Try If strVarName Is Nothing Then paramReason = "Passwort konnte nicht validiert werden (Fehlercode: " & Convert.ToInt64(intResult).ToString & ")" Else paramReason = "Passwort konnte nicht validiert werden (Fehlerkennung: " & strVarName & ")" End If Return False End Select Catch ex As Exception paramReason = "Fehler beim validieren des Passworts:" & vbCrLf & ex.ToString Return False End Try End Function End Class End Namespace I hope, I was able to help you. Bastian -- Bastian Krau� implements GmbH Hauptstra�e 64 91054 Erlangen Tel: 09131 / 92 343 - 48 Fax: 09131 / 92 343 - 69 H RB 7901 (Amtsgericht F�rth) Gesch�ftsf�hrer: Peter Thorn http://www.implements.de |