Solved

changing local machine admin passwords via server

Posted on 2003-10-24
6
565 Views
Last Modified: 2012-05-04
Not sure if this is possible or not, but thought I'd ask anyhow.  I'm interested in knowing if you can change local admin passwords for workstations over the network.  It's that time again where all admin passwords need to be reset, but in the past we've always visited every local machine which is quite tedious.  All of the workstations are Win2000 or WinXP and are part of the domain.  Thanks.
0
Comment
Question by:mgrass
  • 3
  • 2
6 Comments
 

Expert Comment

by:solver7
ID: 9616116
If you want to do it manually for a few machines,
open the computer management console,
under "actions" select "connect to another computer"
add the computer name then just go under
system tools
local users and computers.

  It's a simple way but not practifcal for a large user base.

0
 
LVL 1

Author Comment

by:mgrass
ID: 9616130
Yeah, doing it manual is tried and true, but I have upwards of 550 machines all-in-all that require the change.
0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 9616451
This script was intended to rename the built-in administrator account and password, even if that name had been changed before to unknown value, and to produce a logfile. It should fit your needs, too; just set the "new" name of the administrator account to "Administrator" if you don't want to change the account name.
This should work on any NT4, W2k and XP.
The script creates a ";" separated logfile, and the administrator (and SID) list field it creates in the logfile is "," separated. "Other Admins" are members of the local Administrators group that are not local accounts. "RC Rename" "and RC Password" are the Return Codes of the renaming / password changing command.
As mentioned in the remarks, you need some tools from the Resource Kit.
At the moment, it's in test mode, so you should be able to run it without endangering your net (read the remarks on how to "arm" the script).
Feed it either a single machine name as parameter ("renbiadmin SomeMachine"), or, for a bunch of machines, a "/L" as first parameter and a list with computer names to be processed as second parameter ("renbiadmin /L SomeDrive:\SomePath\SomeListFile"). Start it without parameter, and it will give you a short help.
It will give you a list with failed machines as well, so that you can run only the failed machines again without having too much trouble ...

As usual: No warranties included, test it before you apply it in earnest, use this at your own risk.

====8<----[renbiadmin.cmd]----
@echo off
setlocal
:: *** renbiadmin.cmd
:: *** Renames the built in administrator account of the specified machine and changes the password
:: *** Necessary external tools (from the W2k Resource Kit): local.exe, getsid.exe, cusrmgr.exe.
:: *** New name of the builtin administrator account:
set NewAdmin=LocalAdmin
:: *** New password of the builtin administrator account:
set NewPassword=Secret
:: *** "set Test=echo" (without quotation marks) for testing purposes,
:: *** "set Test=" (without quotation marks) to get serious
:: *** in test mode, it will do everything as usual, but it will neither
:: *** rename the account nor change the password.
set Test=echo
:: *** Localization; the name of the Local Administrators Group:
set AdminGroup=Administrators
:: *** List the Administrator's SID (TRUE to enable, empty or FALSE to disable):
set EnableSID=TRUE
:: *** (path and) name of the log file:
set LogFile=%~n0.log
:: *** (path and) name of the file with failed machine names:
set FailedFile=%~n0.txt

:: *** Only change the following variables if you know what you're doing ***
:: *** Builtin System Administrator RID (Default: 500):
set BIAdminRID=500
:: *** Admin share (used to verify credentials):
set AdminShare=C$

if %1.==. goto Syntax
if exist "%FailedFile%" del "%FailedFile%"
(echo Machine Name;Local Admins;Builtin Admin;Other Admins;Return Code "Rename";Return Code "New Password")>"%LogFile%"
echo ======================================================================
if /i not %1.==/L. goto process
if %2.==. goto Syntax
set ListFile=%2
if not exist %ListFile% (
  echo Error: The list file does not exist.
  goto leave
)
for /f %%a in ('type %ListFile%') do call :process %%a
goto leave

:process
set Machine=%1
set BuiltinAdmin=
set LocalAdmins=
set OtherAdmins=
set Failed=
:: *** check if remote machine is alive:
ping -n 1 %Machine% | find "TTL" >NUL
if errorlevel 1 (
  set Machine=%Machine% [failed: not responding]
  set BuiltinAdmin=[skipped]
  set LocalAdmins=,[skipped]
  set OtherAdmins=,[skipped]
  set RCRename=[skipped]
  set RCNewPass=[skipped]
  set Failed=%Machine%
  goto log
)
:: *** check for administrative privileges on the remote machine:
net use \\%Machine%\%AdminShare% 1>NUL 2>NUL
if errorlevel 1 (
  set Machine=%Machine% [failed: access denied]
  set BuiltinAdmin=[skipped]
  set LocalAdmins=,[skipped]
  set OtherAdmins=,[skipped]
  set RCRename=[skipped]
  set RCNewPass=[skipped]
  set Failed=%Machine%
  goto log
)
net use \\%Machine%\%AdminShare% /delete 1>NUL 2>NUL

:: *** Check for the local built in administrator account:
:CheckAdmins
for /f "tokens=1* delims=\" %%a in ('local %AdminGroup% \\%Machine%') do (
  set CheckDomain=%%a
  set CheckAdmin=%%b
  call :FindBuiltIn
)

:: *** Check if the builtin account was found:
if "%BuiltinAdmin%"=="" (
  set BuiltinAdmin=[Undetermined]
  set RCRename=[skipped]
  set RCNewPass=[skipped]
  set Failed=%Machine%
  goto log
)

:: *** Check if the builtin account already has the correct name:
if /i "%BuiltinAdmin%"=="%NewAdmin%" (
  set RCRename=[skipped: name ok]
  goto ChangePass
)
:: *** Rename the builtin account and save the return code:
set RCRename=
for /f "tokens=2 delims=:" %%a in ('%Test% cusrmgr -u %BuiltinAdmin% -m \\%Machine% -r %NewAdmin% ^| find /i "ERROR"') do set RCRename=%%a
if "%RCRename%"=="" set RCRename=0

:ChangePass
:: *** Check if renaming was successful:
if %RCRename% GTR 0 (
  set RCNewPass=[skipped: couldn't rename]
  set Failed=%Machine%
  goto log
)
:: *** Change the password and save the return code:
set RCNewPass=
for /f "tokens=2 delims=:" %%a in ('%Test% cusrmgr -u %NewAdmin% -m \\%Machine% -P %NewPassword% ^| find /i "ERROR"') do set RCNewPass=%%a
if "%RCNewPass%"=="" set RCNewPass=0
if %RCNewPass% GTR 0 set failed=%Machine%
goto log

:: **********************************************************************
:: *** Subroutines:
:FindBuiltIn
:: *** Check if the account to be tested is a local one; if not, save it and return:
if /i not "%CheckDomain%"=="%Machine%" (
  set OtherAdmins=%OtherAdmins%,%CheckDomain%\%CheckAdmin%
  goto :eof
)

:: *** Get the administrator's SID of the remote machine:
for /f "tokens=7 skip=2" %%a in ('getsid \\%Machine% %CheckAdmin% \\%Machine% %CheckAdmin%') do set SID=%%a
set TempSID=%SID%
:GetRID
:: *** Get the Relative Identifier:
for /f "tokens=1* delims=-" %%a in ("%TempSID%") do (
  set RID=%%a
  set TempSID=%%b
)
if not "%TempSID%"=="" goto GetRID
set LocalAdmins=%LocalAdmins%,%CheckAdmin%
if /i "%EnableSID%"=="TRUE" set LocalAdmins=%LocalAdmins% {%SID%}
if %RID%==%BIAdminRID% set BuiltinAdmin=%CheckAdmin%
goto :eof

:Syntax
echo.
echo renbiadmin.cmd
echo.
echo Renames the built-in administrator account of a given machine, independently
echo of the current name of the account. Creates a ";"-separated logfile and a list
echo of machines where renaming or password change wasn't sucessful.
echo If run in test mode, no renaming/password change is done.
set TM=ON&if .%Test%.==.. set TM=OFF
echo New Admin:     %NewAdmin%
echo Logfile:       %LogFile%
echo "Failed" list: %FailedFile%
echo Test mode:     %TM%
echo.
echo Syntax:
echo renbiadmin { ^<machine^> ^| /L ^<list^> }
echo ^<machine^>: Renames the administrator account of machine.
echo /L:        Renames the administrator account of all machines in ^<list^>
echo            (one name per line).
goto leave
:: **********************************************************************

:log
set LocalAdmins=%LocalAdmins:~1%
if "%OtherAdmins%"=="" set OtherAdmins=,[None]
set OtherAdmins=%OtherAdmins:~1%
(echo %Machine%;%LocalAdmins%;%BuiltinAdmin%;%OtherAdmins%;%RCRename%;%RCNewPass%)>>"%LogFile%"
if not "%Failed%"=="" (echo %Failed%)>>"%FailedFile%"
echo Machine:       %Machine%
echo Local Admins:  %LocalAdmins%
echo Builtin Admin: %BuiltinAdmin%
echo Other Admins:  %OtherAdmins%
echo RC Rename:     %RCRename%
echo RC Password:   %RCNewPass%
echo ======================================================================

:leave

====8<----[renbiadmin.cmd]----
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 1

Author Comment

by:mgrass
ID: 9616698
Okay, looks a bit complex.  Is there a deployment instruction manual to go along with this?  
0
 
LVL 84

Expert Comment

by:oBdA
ID: 9617926
No need to deploy anything; just save it on the workstation or server you're using for your administrative work. All it needs are three tools from the Resource Kit in the path. Most of the script is "just" error handling and logging, but when you're handling 500 machines, you'll want those ...
It's in test mode, so just call it with a remote machine as argument to see what it's doing.
0
 
LVL 1

Author Comment

by:mgrass
ID: 9618414
Thanks for the assist.  
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Migrate DFS role 3 861
Just changed my 2000 Server DCs IP now what 3 411
win2k service packs 5 662
windows 2000 image 3 147
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question