Change Local Admin Password Vbs

I want to change all of computers local administrator account. There is a VBS about this situation in The Portable Script Center :

strComputer = "atl-ws-01"
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user")

objUser.SetPassword "09iuy%4e"

On GPO Computer Configuration it has done windows settigs startup scripts
This vbs should be shared on the DC path= \\DC.INT\SYSVOL\DC.INT\SCRIPTS
I tried this solution but how can i protect that folder from domain users?
They can see this vbs and what does included ?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Change the permissions of the VBS, remove inherited permissions and add Authenticated Users with advanced permissions to Traverse Folder / Execute File Allow only

Hopefully they can execute the script, but they cannot browse to it to be able to view it.

My concern is... your standard users have the rights to change the local administrators password???  That's bad.
Also, you can use the Microsoft Script Encoder to scramble the text in the VBS file, which gets converted to a VBE file.  Keep the VBS file then in a more secure location.

But I also agree with Lester.....while your Domain Users run a login script, they have the ability to change local admin passwords....that means they "are" local admins, doesn't it?


nemeiaAuthor Commented:
I tried to give Traverse Folder / Execute File Allow only permisson.
if they cant read this script that will not work. They can't able to view it so it doesnt work.
My standard users doesn't have a permission to change local administrator password.
I applied the GPO computers on Acive Directory computers account are moved a Organizational Unit which GPO applied.
In this way does not give a permission to change local admin passwd for standart users.
That computer has two local admin users computer\administrator, Domain.Com\Domain Admins there is no any administrator account.
I will check the Microsoft Script Encoder. I could make an encrypted script.

Thank you for your information.
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

If you run a new script as a StartUp Script, instead of a Login Script, you will be able to use just these three lines:

    strComputer = "."
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    objUser.SetPassword "x%tY7iu8%4f"

This will have the ability to reset the password because the script will run using the local System account of the computer that runs it.


nemeiaAuthor Commented:

The problem was solved by removed Authenticated User on that scripts and Add Computer Accounts

on security tab. In this way standard users are not able to view this script.

I also tried your solution Rob but it doesn't work. It uses computer account permissions.

Because when i removed computer accounts on scripts security tab it doesn't work.

Thanks all of you :)
That's great.  Yes, my solution does require computer permissions, because it uses the local System account, not an ordinary user account, when run as a StartUp script.

But it's great that you got it working.


PAQed with points refunded (125)

EE Admin

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.