Solved

Changing a password for a local user account remotely through script

Posted on 2006-11-30
8
204 Views
Last Modified: 2013-12-23
Hi guys!
Hope you can help out.

We have an NT domain.

We have a local user account, let's say its called "hjbox" on all our NT machines.
Often, people change the password, that then later we have to remote in and change it back to the right password for the day.

What Id like to do is the following:

Let's say we have discovered on our network that 50 NT machines need to have the password changed to a common password...lets say password should be "abcd1234".

Is there any way to script this out, so that when the script runs, it changes the password for the local account "hjbox" on all these 50 workstations?
I really dont want to push out a scheduled task to do this, but would rather get immediate feedback through a logfile of all that have been successfully changed.

Any help greatly appreciated.

Simon
0
Comment
Question by:Simon336697
  • 5
  • 3
8 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18043972

Hi Simon,

Yep, that's certainly possible.

It would need running as someone with administrative access on all machines - but that can't be unexpected.

How did you want to define which machines it runs for? Text File? Or just for everything listed in, er, Server manager (? I forget, long long time since I've used WinNT admin tools).

Anyway, this is what we run (it's VbScript - .vbs) to change the password itself:

Set objUser = GetObject("WinNT://" & strComputerName & "/hjbox, user")
objUser.SetPassword "abcd1234"
Set objUser = Nothing

Nice and easy, all we need to do is tell it what strComputerName is, then loop through all the computers you want to change.

HTH

Chris
0
 
LVL 1

Author Comment

by:Simon336697
ID: 18044009
Hi Chris!

Thank you so much mate..So quick...I dont know how you guys do it.

Chris,
We do have a mixture of NT domains and 2003 AD domain, purely because we support different companies, and these different companies are members of different domains.

So, what I would need to do is:

Gather a list of NT machines that have had the password for hjbox not set to the correct password eg.lets say it should be abcd1234 (I dont know how we would do this).
Then as you say to define probably through a text file listing all those machines the vbs script is to parse.

If possible, could you please help me in how your script would use a text file/point to the text file and run the script for every computer name in the text file?

Is there any way to get instant feedback of success/failure of the script for each computer it is run against eg.log file with computer name and success/failure.

Thanks so much Chris.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 18044084

Hey,

Identifying the computers in the first place would be tricky - normally the simpler approach is to just reset the password for all machines that should have it - it saves a step and doesn't really things too tricky.

If we assume we've managed to identify where changes are necessary and we have a list of computers that looks like this:

BobsComputer
JaneWinXP
ITTest

etc, etc.

We'll call that "computers.txt" for now (and that's in the same directory as the script), then we can do this:


Option Explicit

Dim objFileSystem, objFile, objStream, objUser
Dim strComputer

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.GetFile("computers.txt")
Set objStream = objFile.OpenAsTextStream(1, 0)

' This goes through the text file a line at a time.

Do While Not objStream.AtEndOfStream
      strComputer = objStream.ReadLine

      ' We don't want to change anything that doesn't really have a name listed (protects against blank lines)

      If Len(strComputer) > 0 Then
            ' Turn on Error Handling here
            On Error Resume Next : Err.Clear
            Set objUser = GetObject("WinNT://" & strComputer & "/hjbox, user")

            If Err.Number <> 0 Then
                  WScript.Echo "Failed to attach to User on " & strComputer & ": " & Err.Description
            Else
                  Err.Clear
                  objUser.SetPassword "abcd1234"
                  If Err.Number <> 0 Then
                        WScript.Echo "Failed to set Password on " & strComputer & ": " & Err.Description
                  End If
            End If
            Set objUser = Nothing

            On Error Goto 0
      End If
Loop

Set objStream = Nothing
Set objFile = Nothing
Set objFileSystem = Nothing


Of course there are other ways to figure out the list of PCs. For WinNT it's not as easy, everything is stored in a very flat structure and it's not easy to eliminate those we don't want to change programatically. However, in AD we have a great deal of flexibility and we can change for a single OU, all OUs except one, a selection of OUs, etc etc etc. I can cover that as well if it's of interest.

Chris
0
 
LVL 1

Author Comment

by:Simon336697
ID: 18044102
Chris!

What can I say?

A huge huge thankyou to your expertise from a simple aussie down under.
I hope this gets you your 1000th question answered mate.

Thank you so much again.

I will test this out now at work, but wont hassle you again.

Thanks again Chris.

Simon
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:Simon336697
ID: 18044115
Chris sorry!

Does the above script youve created pump the results out to a text file?
Ideally this would be great.
Only (and only if youve got the time/inclination), a version of this for AD would be fantastic, but as I said, I dont expect anything more.
Youve been great!

Simon
0
 
LVL 1

Author Comment

by:Simon336697
ID: 18044126
Chris!

BTW I did post another question about this issue on here.
It asks about polling all NT boxes to see when the perl script (run.pl) was last run.
This is the script that changes the daily password on these machines.
If I can determine what boxes the script has failed to run on, then I could hone in on the computers that probably require their passwords changed as the passwords on these computers would be wrong.

Simon
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18044217

Hey Simon,

Sorry, I meant to post a comment saying that it wasn't ideal with reporting to the screen and that it could be logged to a text file but I ran into a bit of stuff to sort out here.

Anyway, this modification will write any errors (and successes) to a log file.


Option Explicit

Dim objFileSystem, objFile, objStream, objLogFile, objUser
Dim strComputer

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.GetFile("computers.txt")
Set objStream = objFile.OpenAsTextStream(1, 0)

Set objLogFile = objFileSystem.OpenTextFile("PasswordChange.log", 2, True, 0)
 
' This goes through the text file a line at a time.

Do While Not objStream.AtEndOfStream
     strComputer = objStream.ReadLine

     ' We don't want to change anything that doesn't really have a name listed (protects against blank lines)

     If Len(strComputer) > 0 Then
          ' Turn on Error Handling here
          On Error Resume Next : Err.Clear
          Set objUser = GetObject("WinNT://" & strComputer & "/hjbox, user")

          If Err.Number <> 0 Then
               objLogFile.WriteLine strComputer & ": Failed to attach to User: " & Err.Description
          Else
               Err.Clear
               objUser.SetPassword "abcd1234"
               If Err.Number <> 0 Then
                    objLogFile.WriteLine strComputer & ": Failed to set Password: " & Err.Description
              Else
                    objLogFile.WriteLine strComputer & ": Password Reset Successfully"
              End If
          End If
          Set objUser = Nothing

          On Error Goto 0
     End If
Loop

Set objStream = Nothing
Set objFile = Nothing
Set objFileSystem = Nothing


0
 
LVL 1

Author Comment

by:Simon336697
ID: 18044325
Youre a gun thank you Chris!

Simon
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now