[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Need a script that can set a local admin password

Posted on 2008-06-24
6
Medium Priority
?
238 Views
Last Modified: 2010-04-16
I'd like a simple script to set the local admin password, something that can be applied via group policy.  Can anyone point me in the right direction on this?

Thanks!
0
Comment
Question by:instaIT
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21857905
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 21857973
Never tried it but I hear it works........http://www.systemtools.com/

http://technet.microsoft.com/en-ca/library/bb742536.aspx - possibly works on 2003?

Rob
0
 
LVL 17

Expert Comment

by:Jared Luker
ID: 21858170
Keep in mind that if you do that, you will be sending your local admin password out in plain text and also storing it in a location where users can get to it.

It's not a good idea security wise.
0
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

 
LVL 5

Expert Comment

by:RightNL
ID: 21858438
do you absolutly need the localadmin? if not why not disable using gpo..

try: http://www.moernaut.com/default.aspx?item=supercrypt

and ofcourse there is an earlier solutions on this forum

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_23433534.html

0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 21858494
You can 'build' yourself a little utility to change the local administrator's password remotely using the cusrmgr.exe command. I have written a very simple batch file below that will allow you to do it.

From an earlier post of mine:
I don't know how familiar you are with batch files so I will explain in detail.
Copy from the Windows 2000 Resource Kit or from  http://www.activexperts.com/activmonitor/windowsmanagement/reskit2000/  the file cusrmgr.exe and put it in a folder of your choice. I would do this from the domain controller but it should work from any workstation in the domain so long as you are logged in as a domain admin.
In the same folder create a batch file named ChngPass.bat or similar. Do this by entering the text below in Notepad and saving as "ChngPass.bat" make sure you use the quotation marks to assure it saves as a batch file. Enter your password in the first line of the batch file containing Set. Now simply run by going to a command prompt. Change to the directory where you put your files and enter:
 
ChngPass computername
 
I have incorporated the password in the batch file as I assume you want to change several computers, and this way you will not have to enter it each time. By the way enter the computer name only not \\computername.
NOTE: The password is stored in the batch file in clear text. As soon as you have completed your changes you should remove the password.
 
If you have many computers, or do this frequently, you can create a text list of computers and have it run a loop to change them all to the new password in one step. If you need a batch file to do that, I'm off for a couple of days, but let me know and I can modify and post on Monday for you .
--Rob
 
 
:: will change local administrator password on computer %1
:: enter your password in first set line
:: (Note: -P (warning, lower case p generates random password) see csrmgr.exe /? for full syntax
Cls
Set NewPW=newpassword
cusrmgr.exe -u Administrator -m \\%1 -P %NewPW
Set NewPW=
0
 
LVL 8

Accepted Solution

by:
CoyotesIT earned 2000 total points
ID: 21860136
I use this for our quarterly password changes on all local admin accounts, this script renames the local administrator account to sysadmin, so if you dont want that take it out. then just add it to the startup scripts in your gpo...

Good luck!
On Error Resume Next
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
 
Set oFs = CreateObject("Scripting.FileSystemObject")
Set oLog = oFs.OpenTextFile("LocalPassword.log", ForAppending, True)
Set oNet = CreateObject("WScript.Network")
Set oArg = WScript.Arguments
 
'sComputer = oNet.ComputerName
sComputer = oArg(0)
sAdministratorName = "sysadmin"
sPassword = "<YOUR_NEW_PASSWORD>"
sLocalAdministrator = LCase(GetCurrentAdministratorName)
 
 
If sLocalAdministrator = sAdministratorName Then
    oLog.Write LogWriteTime & " " & sComputer & " - Found Local Administrator: " & sLocalAdministrator & vbcrlf
    Set oAccount = GetObject("WinNT://" & sComputer & "/" & sLocalAdministrator & ",user")
    oAccount.SetPassword sPassword
    oAccount.SetInfo
    
    If Err = 0 Then
        oLog.Write LogWriteTime & " " & sComputer & " - Password Set: True" & vbcrlf
    Else
        oLog.Write LogWriteTime & " " & sComputer & " - Password Set: False" & vbcrlf
    End If
    oLog.Close()
Else
    oLog.Write LogWriteTime & " " & sComputer & " - Found Local Administrator: " & sLocalAdministrator & vbcrlf
    Set oComputer = GetObject("WinNT://" & sComputer)
    Set oAccount = GetObject("WinNT://" & sComputer & "/" & sLocalAdministrator & ",user")
    oAccount.SetPassword sPassword
    oAccount.SetInfo
    
    If Err = 0 Then
        oLog.Write LogWriteTime & " " & sComputer & " - Password Set: True" & vbcrlf
    Else
        oLog.Write LogWriteTiime & " " & sComputer & " - Password Set: False" & vbcrlf
    End If
    
    Set oRenameAccount = oComputer.MoveHere(oAccount.ADsPath, sAdministratorName)
    
    If Err = 0 Then
        oLog.Write LogWriteTime & " " & sComputer & " - Renamed Local Administrator [" & sLocalAdministrator & "] to [" & sAdministratorName & "]: True" & vbcrlf
    Else
        oLog.Write LogWriteTime & " " & sComputer & " - Renamed Local Administrator [" & sLocalAdministrator & "] to [" & sAdministratorName & "]: False" & vbcrlf
    End If
    oLog.Close()
End If
 
Function GetCurrentAdministratorName
    Dim sUserSID, oWshNetwork, oUserAccount
 
    Set oWshNetwork = CreateObject("WScript.Network")
    Set oUserAccounts = GetObject("winmgmts://" & oWshNetwork.ComputerName & "/root/cimv2").ExecQuery("Select Name, SID from Win32_UserAccount" _
        & " WHERE Domain = '" & oWshNetwork.ComputerName & "'")
 
    On Error Resume Next
        For Each oUserAccount In oUserAccounts
        If Left(oUserAccount.SID, 9) = "S-1-5-21-" And Right(oUserAccount.SID, 4) = "-500" Then
            GetCurrentAdministratorName = oUserAccount.Name
            Exit For
        End if
    Next
End Function
 
Function LogWriteTime
    LogWriteTime = "[" & Date() & " - " & Time() & "] "
End Function

Open in new window

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Suggested Courses
Course of the Month18 days, 4 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question