nemeia

Change Local Admin Password Vbs

I want to change the local administrator account on all of our computers. There is a VBS for this situation in The Portable Script Center:

    ' Target computer and its local Administrator account
    strComputer = "atl-ws-01"
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user")

    ' Set the new password and commit the change
    objUser.SetPassword "09iuy%4e"
    objUser.SetInfo

In the GPO, this is done under Computer Configuration, Windows Settings, Startup Scripts.
This VBS has to be shared on the DC, path = \\DC.INT\SYSVOL\DC.INT\SCRIPTS
I tried this solution, but how can I protect that folder from domain users?
Can they see this VBS and what it contains?

Lester_Clayton

Change the permissions of the VBS: remove inherited permissions and add Authenticated Users with the advanced permission Traverse Folder / Execute File (Allow) only.

Hopefully they can execute the script, but they cannot browse to it to be able to view it.

My concern is... your standard users have the rights to change the local administrators password???  That's bad.

RobSampson

Also, you can use the Microsoft Script Encoder to scramble the text in the VBS file, which gets converted to a VBE file.  Keep the VBS file then in a more secure location.

But I also agree with Lester.....while your Domain Users run a login script, they have the ability to change local admin passwords....that means they "are" local admins, doesn't it?

Regards,

Rob.

nemeia

ASKER

I tried to give the Traverse Folder / Execute File Allow only permission.
If they can't read this script, it will not work. They aren't able to view it, so it doesn't work.
My standard users don't have permission to change the local administrator password.
I applied the GPO to computers: the Active Directory computer accounts were moved to an Organizational Unit to which the GPO is applied.
This way does not give standard users permission to change the local admin password.
That computer has two local admins, computer\administrator and Domain.Com\Domain Admins; there is no other administrator account.
I will check the Microsoft Script Encoder. I could make an encrypted script.

Thank you for your information.

RobSampson

If you run a new script as a StartUp Script, instead of a Login Script, you will be able to use just these three lines:

    strComputer = "."
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    objUser.SetPassword "x%tY7iu8%4f"

This will have the ability to reset the password because the script will run using the local System account of the computer that runs it.

Regards,

Rob.

nemeia

ASKER

The problem was solved by removing Authenticated Users from that script and adding Computer Accounts on the Security tab. This way, standard users are not able to view this script.

I also tried your solution, Rob, but it doesn't work. It uses computer account permissions, because when I removed computer accounts on the script's Security tab it doesn't work.

Thanks all of you :)

RobSampson

That's great.  Yes, my solution does require computer permissions, because it uses the local System account, not an ordinary user account, when run as a StartUp script.

But it's great that you got it working.

Regards,

Rob.
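
The permission change the asker settled on above (remove Authenticated Users, add computer accounts), written as an added PowerShell example that is not part of the original thread, together with a check for any remaining broad read access. The function names, the `Domain Computers` group standing in for "Computer Accounts", the SYSTEM and Domain Admins grants, and the file and domain names passed in are assumptions.

```powershell
# Added example, not from the thread. Assumes the "Computer Accounts" in the
# asker's post are the built-in Domain Computers group of the domain.
function Set-StartupScriptAcl {
    param(
        [Parameter(Mandatory)] [string] $Path,          # script under the SYSVOL SCRIPTS share
        [Parameter(Mandatory)] [string] $NetBiosDomain  # NetBIOS name of the domain
    )
    $acl = Get-Acl -LiteralPath $Path

    # Stop inheriting from the SCRIPTS folder and discard the inherited ACEs
    $acl.SetAccessRuleProtection($true, $false)

    # Drop whatever explicit ACEs are left (e.g. Authenticated Users)
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRuleAll($rule) }

    $grants = @(
        @{ Id = 'NT AUTHORITY\SYSTEM';             Rights = 'FullControl' },
        @{ Id = "$NetBiosDomain\Domain Admins";    Rights = 'FullControl' },
        @{ Id = "$NetBiosDomain\Domain Computers"; Rights = 'ReadAndExecute' }
    )
    foreach ($g in $grants) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g.Id, $g.Rights, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Audit: return any Allow ACE that still lets a broad user group read the file
function Get-BroadReadAce {
    param([Parameter(Mandatory)] [string] $Path)
    $broad = 'Authenticated Users', 'Domain Users', 'Users', 'Everyone'
    $read  = [System.Security.AccessControl.FileSystemRights]::ReadData
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -and
        ($broad -contains ($_.IdentityReference.Value -replace '^.*\\', ''))
    }
}

# Usage (placeholder values):
#   Set-StartupScriptAcl -Path '\\DC.INT\SYSVOL\DC.INT\SCRIPTS\<script-name>.vbs' -NetBiosDomain '<DOMAIN>'
#   Get-BroadReadAce     -Path '\\DC.INT\SYSVOL\DC.INT\SCRIPTS\<script-name>.vbs'   # no output expected
```

The password is still stored in clear text in the file, so any process running as the local System account on a domain-joined computer can read it through that computer's account.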