Solved

Changing a password for a local user account remotely through script

Posted on 2006-11-30
8
216 Views
Last Modified: 2013-12-23
Hi guys!
Hope you can help out.

We have an NT domain.

We have a local user account, let's say its called "hjbox" on all our NT machines.
Often, people change the password, that then later we have to remote in and change it back to the right password for the day.

What Id like to do is the following:

Let's say we have discovered on our network that 50 NT machines need to have the password changed to a common password...lets say password should be "abcd1234".

Is there any way to script this out, so that when the script runs, it changes the password for the local account "hjbox" on all these 50 workstations?
I really dont want to push out a scheduled task to do this, but would rather get immediate feedback through a logfile of all that have been successfully changed.

Any help greatly appreciated.

Simon
0
Comment
Question by:Simon336697
  • 5
  • 3
8 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18043972

Hi Simon,

Yep, that's certainly possible.

It would need running as someone with administrative access on all machines - but that can't be unexpected.

How did you want to define which machines it runs for? Text File? Or just for everything listed in, er, Server manager (? I forget, long long time since I've used WinNT admin tools).

Anyway, this is what we run (it's VbScript - .vbs) to change the password itself:

Set objUser = GetObject("WinNT://" & strComputerName & "/hjbox, user")
objUser.SetPassword "abcd1234"
Set objUser = Nothing

Nice and easy, all we need to do is tell it what strComputerName is, then loop through all the computers you want to change.

HTH

Chris
0
 
LVL 1

Author Comment

by:Simon336697
ID: 18044009
Hi Chris!

Thank you so much mate..So quick...I dont know how you guys do it.

Chris,
We do have a mixture of NT domains and 2003 AD domain, purely because we support different companies, and these different companies are members of different domains.

So, what I would need to do is:

Gather a list of NT machines that have had the password for hjbox not set to the correct password eg.lets say it should be abcd1234 (I dont know how we would do this).
Then as you say to define probably through a text file listing all those machines the vbs script is to parse.

If possible, could you please help me in how your script would use a text file/point to the text file and run the script for every computer name in the text file?

Is there any way to get instant feedback of success/failure of the script for each computer it is run against eg.log file with computer name and success/failure.

Thanks so much Chris.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 18044084

Hey,

Identifying the computers in the first place would be tricky - normally the simpler approach is to just reset the password for all machines that should have it - it saves a step and doesn't really things too tricky.

If we assume we've managed to identify where changes are necessary and we have a list of computers that looks like this:

BobsComputer
JaneWinXP
ITTest

etc, etc.

We'll call that "computers.txt" for now (and that's in the same directory as the script), then we can do this:


Option Explicit

Dim objFileSystem, objFile, objStream, objUser
Dim strComputer

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.GetFile("computers.txt")
Set objStream = objFile.OpenAsTextStream(1, 0)

' This goes through the text file a line at a time.

Do While Not objStream.AtEndOfStream
      strComputer = objStream.ReadLine

      ' We don't want to change anything that doesn't really have a name listed (protects against blank lines)

      If Len(strComputer) > 0 Then
            ' Turn on Error Handling here
            On Error Resume Next : Err.Clear
            Set objUser = GetObject("WinNT://" & strComputer & "/hjbox, user")

            If Err.Number <> 0 Then
                  WScript.Echo "Failed to attach to User on " & strComputer & ": " & Err.Description
            Else
                  Err.Clear
                  objUser.SetPassword "abcd1234"
                  If Err.Number <> 0 Then
                        WScript.Echo "Failed to set Password on " & strComputer & ": " & Err.Description
                  End If
            End If
            Set objUser = Nothing

            On Error Goto 0
      End If
Loop

Set objStream = Nothing
Set objFile = Nothing
Set objFileSystem = Nothing


Of course there are other ways to figure out the list of PCs. For WinNT it's not as easy, everything is stored in a very flat structure and it's not easy to eliminate those we don't want to change programatically. However, in AD we have a great deal of flexibility and we can change for a single OU, all OUs except one, a selection of OUs, etc etc etc. I can cover that as well if it's of interest.

Chris
0
 
LVL 1

Author Comment

by:Simon336697
ID: 18044102
Chris!

What can I say?

A huge huge thankyou to your expertise from a simple aussie down under.
I hope this gets you your 1000th question answered mate.

Thank you so much again.

I will test this out now at work, but wont hassle you again.

Thanks again Chris.

Simon
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 1

Author Comment

by:Simon336697
ID: 18044115
Chris sorry!

Does the above script youve created pump the results out to a text file?
Ideally this would be great.
Only (and only if youve got the time/inclination), a version of this for AD would be fantastic, but as I said, I dont expect anything more.
Youve been great!

Simon
0
 
LVL 1

Author Comment

by:Simon336697
ID: 18044126
Chris!

BTW I did post another question about this issue on here.
It asks about polling all NT boxes to see when the perl script (run.pl) was last run.
This is the script that changes the daily password on these machines.
If I can determine what boxes the script has failed to run on, then I could hone in on the computers that probably require their passwords changed as the passwords on these computers would be wrong.

Simon
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18044217

Hey Simon,

Sorry, I meant to post a comment saying that it wasn't ideal with reporting to the screen and that it could be logged to a text file but I ran into a bit of stuff to sort out here.

Anyway, this modification will write any errors (and successes) to a log file.


Option Explicit

Dim objFileSystem, objFile, objStream, objLogFile, objUser
Dim strComputer

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.GetFile("computers.txt")
Set objStream = objFile.OpenAsTextStream(1, 0)

Set objLogFile = objFileSystem.OpenTextFile("PasswordChange.log", 2, True, 0)
 
' This goes through the text file a line at a time.

Do While Not objStream.AtEndOfStream
     strComputer = objStream.ReadLine

     ' We don't want to change anything that doesn't really have a name listed (protects against blank lines)

     If Len(strComputer) > 0 Then
          ' Turn on Error Handling here
          On Error Resume Next : Err.Clear
          Set objUser = GetObject("WinNT://" & strComputer & "/hjbox, user")

          If Err.Number <> 0 Then
               objLogFile.WriteLine strComputer & ": Failed to attach to User: " & Err.Description
          Else
               Err.Clear
               objUser.SetPassword "abcd1234"
               If Err.Number <> 0 Then
                    objLogFile.WriteLine strComputer & ": Failed to set Password: " & Err.Description
              Else
                    objLogFile.WriteLine strComputer & ": Password Reset Successfully"
              End If
          End If
          Set objUser = Nothing

          On Error Goto 0
     End If
Loop

Set objStream = Nothing
Set objFile = Nothing
Set objFileSystem = Nothing


0
 
LVL 1

Author Comment

by:Simon336697
ID: 18044325
Youre a gun thank you Chris!

Simon
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now