Solved

Need a script that can set a local admin password

Posted on 2008-06-24
6
227 Views
Last Modified: 2010-04-16
I'd like a simple script to set the local admin password, something that can be applied via group policy.  Can anyone point me in the right direction on this?

Thanks!
0
Comment
Question by:instaIT
6 Comments
 
LVL 70

Expert Comment

by:KCTS
Comment Utility
0
 
LVL 8

Expert Comment

by:rjwesley
Comment Utility
Never tried it but I hear it works........http://www.systemtools.com/

http://technet.microsoft.com/en-ca/library/bb742536.aspx - possibly works on 2003?

Rob
0
 
LVL 17

Expert Comment

by:Jared Luker
Comment Utility
Keep in mind that if you do that, you will be sending your local admin password out in plain text and also storing it in a location where users can get to it.

It's not a good idea security wise.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 5

Expert Comment

by:RightNL
Comment Utility
do you absolutly need the localadmin? if not why not disable using gpo..

try: http://www.moernaut.com/default.aspx?item=supercrypt

and ofcourse there is an earlier solutions on this forum

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_23433534.html

0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
You can 'build' yourself a little utility to change the local administrator's password remotely using the cusrmgr.exe command. I have written a very simple batch file below that will allow you to do it.

From an earlier post of mine:
I don't know how familiar you are with batch files so I will explain in detail.
Copy from the Windows 2000 Resource Kit or from  http://www.activexperts.com/activmonitor/windowsmanagement/reskit2000/  the file cusrmgr.exe and put it in a folder of your choice. I would do this from the domain controller but it should work from any workstation in the domain so long as you are logged in as a domain admin.
In the same folder create a batch file named ChngPass.bat or similar. Do this by entering the text below in Notepad and saving as "ChngPass.bat" make sure you use the quotation marks to assure it saves as a batch file. Enter your password in the first line of the batch file containing Set. Now simply run by going to a command prompt. Change to the directory where you put your files and enter:
 
ChngPass computername
 
I have incorporated the password in the batch file as I assume you want to change several computers, and this way you will not have to enter it each time. By the way enter the computer name only not \\computername.
NOTE: The password is stored in the batch file in clear text. As soon as you have completed your changes you should remove the password.
 
If you have many computers, or do this frequently, you can create a text list of computers and have it run a loop to change them all to the new password in one step. If you need a batch file to do that, I'm off for a couple of days, but let me know and I can modify and post on Monday for you .
--Rob
 
 
:: will change local administrator password on computer %1
:: enter your password in first set line
:: (Note: -P (warning, lower case p generates random password) see csrmgr.exe /? for full syntax
Cls
Set NewPW=newpassword
cusrmgr.exe -u Administrator -m \\%1 -P %NewPW
Set NewPW=
0
 
LVL 8

Accepted Solution

by:
CoyotesIT earned 500 total points
Comment Utility
I use this for our quarterly password changes on all local admin accounts, this script renames the local administrator account to sysadmin, so if you dont want that take it out. then just add it to the startup scripts in your gpo...

Good luck!
On Error Resume Next

Const ForReading = 1

Const ForWriting = 2

Const ForAppending = 8
 

Set oFs = CreateObject("Scripting.FileSystemObject")

Set oLog = oFs.OpenTextFile("LocalPassword.log", ForAppending, True)

Set oNet = CreateObject("WScript.Network")

Set oArg = WScript.Arguments
 

'sComputer = oNet.ComputerName

sComputer = oArg(0)

sAdministratorName = "sysadmin"

sPassword = "<YOUR_NEW_PASSWORD>"

sLocalAdministrator = LCase(GetCurrentAdministratorName)
 
 

If sLocalAdministrator = sAdministratorName Then

    oLog.Write LogWriteTime & " " & sComputer & " - Found Local Administrator: " & sLocalAdministrator & vbcrlf

    Set oAccount = GetObject("WinNT://" & sComputer & "/" & sLocalAdministrator & ",user")

    oAccount.SetPassword sPassword

    oAccount.SetInfo

    

    If Err = 0 Then

        oLog.Write LogWriteTime & " " & sComputer & " - Password Set: True" & vbcrlf

    Else

        oLog.Write LogWriteTime & " " & sComputer & " - Password Set: False" & vbcrlf

    End If

    oLog.Close()

Else

    oLog.Write LogWriteTime & " " & sComputer & " - Found Local Administrator: " & sLocalAdministrator & vbcrlf

    Set oComputer = GetObject("WinNT://" & sComputer)

    Set oAccount = GetObject("WinNT://" & sComputer & "/" & sLocalAdministrator & ",user")

    oAccount.SetPassword sPassword

    oAccount.SetInfo

    

    If Err = 0 Then

        oLog.Write LogWriteTime & " " & sComputer & " - Password Set: True" & vbcrlf

    Else

        oLog.Write LogWriteTiime & " " & sComputer & " - Password Set: False" & vbcrlf

    End If

    

    Set oRenameAccount = oComputer.MoveHere(oAccount.ADsPath, sAdministratorName)

    

    If Err = 0 Then

        oLog.Write LogWriteTime & " " & sComputer & " - Renamed Local Administrator [" & sLocalAdministrator & "] to [" & sAdministratorName & "]: True" & vbcrlf

    Else

        oLog.Write LogWriteTime & " " & sComputer & " - Renamed Local Administrator [" & sLocalAdministrator & "] to [" & sAdministratorName & "]: False" & vbcrlf

    End If

    oLog.Close()

End If
 

Function GetCurrentAdministratorName

    Dim sUserSID, oWshNetwork, oUserAccount
 

    Set oWshNetwork = CreateObject("WScript.Network")

    Set oUserAccounts = GetObject("winmgmts://" & oWshNetwork.ComputerName & "/root/cimv2").ExecQuery("Select Name, SID from Win32_UserAccount" _

        & " WHERE Domain = '" & oWshNetwork.ComputerName & "'")
 

    On Error Resume Next

        For Each oUserAccount In oUserAccounts

        If Left(oUserAccount.SID, 9) = "S-1-5-21-" And Right(oUserAccount.SID, 4) = "-500" Then

            GetCurrentAdministratorName = oUserAccount.Name

            Exit For

        End if

    Next

End Function
 

Function LogWriteTime

    LogWriteTime = "[" & Date() & " - " & Time() & "] "

End Function

Open in new window

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Learn about cloud computing and its benefits for small business owners.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now