Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need a script that can set a local admin password

Posted on 2008-06-24
6
Medium Priority
?
236 Views
Last Modified: 2010-04-16
I'd like a simple script to set the local admin password, something that can be applied via group policy.  Can anyone point me in the right direction on this?

Thanks!
0
Comment
Question by:instaIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21857905
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 21857973
Never tried it but I hear it works........http://www.systemtools.com/

http://technet.microsoft.com/en-ca/library/bb742536.aspx - possibly works on 2003?

Rob
0
 
LVL 17

Expert Comment

by:Jared Luker
ID: 21858170
Keep in mind that if you do that, you will be sending your local admin password out in plain text and also storing it in a location where users can get to it.

It's not a good idea security wise.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 5

Expert Comment

by:RightNL
ID: 21858438
do you absolutly need the localadmin? if not why not disable using gpo..

try: http://www.moernaut.com/default.aspx?item=supercrypt

and ofcourse there is an earlier solutions on this forum

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_23433534.html

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21858494
You can 'build' yourself a little utility to change the local administrator's password remotely using the cusrmgr.exe command. I have written a very simple batch file below that will allow you to do it.

From an earlier post of mine:
I don't know how familiar you are with batch files so I will explain in detail.
Copy from the Windows 2000 Resource Kit or from  http://www.activexperts.com/activmonitor/windowsmanagement/reskit2000/  the file cusrmgr.exe and put it in a folder of your choice. I would do this from the domain controller but it should work from any workstation in the domain so long as you are logged in as a domain admin.
In the same folder create a batch file named ChngPass.bat or similar. Do this by entering the text below in Notepad and saving as "ChngPass.bat" make sure you use the quotation marks to assure it saves as a batch file. Enter your password in the first line of the batch file containing Set. Now simply run by going to a command prompt. Change to the directory where you put your files and enter:
 
ChngPass computername
 
I have incorporated the password in the batch file as I assume you want to change several computers, and this way you will not have to enter it each time. By the way enter the computer name only not \\computername.
NOTE: The password is stored in the batch file in clear text. As soon as you have completed your changes you should remove the password.
 
If you have many computers, or do this frequently, you can create a text list of computers and have it run a loop to change them all to the new password in one step. If you need a batch file to do that, I'm off for a couple of days, but let me know and I can modify and post on Monday for you .
--Rob
 
 
:: will change local administrator password on computer %1
:: enter your password in first set line
:: (Note: -P (warning, lower case p generates random password) see csrmgr.exe /? for full syntax
Cls
Set NewPW=newpassword
cusrmgr.exe -u Administrator -m \\%1 -P %NewPW
Set NewPW=
0
 
LVL 8

Accepted Solution

by:
CoyotesIT earned 2000 total points
ID: 21860136
I use this for our quarterly password changes on all local admin accounts, this script renames the local administrator account to sysadmin, so if you dont want that take it out. then just add it to the startup scripts in your gpo...

Good luck!
On Error Resume Next
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
 
Set oFs = CreateObject("Scripting.FileSystemObject")
Set oLog = oFs.OpenTextFile("LocalPassword.log", ForAppending, True)
Set oNet = CreateObject("WScript.Network")
Set oArg = WScript.Arguments
 
'sComputer = oNet.ComputerName
sComputer = oArg(0)
sAdministratorName = "sysadmin"
sPassword = "<YOUR_NEW_PASSWORD>"
sLocalAdministrator = LCase(GetCurrentAdministratorName)
 
 
If sLocalAdministrator = sAdministratorName Then
    oLog.Write LogWriteTime & " " & sComputer & " - Found Local Administrator: " & sLocalAdministrator & vbcrlf
    Set oAccount = GetObject("WinNT://" & sComputer & "/" & sLocalAdministrator & ",user")
    oAccount.SetPassword sPassword
    oAccount.SetInfo
    
    If Err = 0 Then
        oLog.Write LogWriteTime & " " & sComputer & " - Password Set: True" & vbcrlf
    Else
        oLog.Write LogWriteTime & " " & sComputer & " - Password Set: False" & vbcrlf
    End If
    oLog.Close()
Else
    oLog.Write LogWriteTime & " " & sComputer & " - Found Local Administrator: " & sLocalAdministrator & vbcrlf
    Set oComputer = GetObject("WinNT://" & sComputer)
    Set oAccount = GetObject("WinNT://" & sComputer & "/" & sLocalAdministrator & ",user")
    oAccount.SetPassword sPassword
    oAccount.SetInfo
    
    If Err = 0 Then
        oLog.Write LogWriteTime & " " & sComputer & " - Password Set: True" & vbcrlf
    Else
        oLog.Write LogWriteTiime & " " & sComputer & " - Password Set: False" & vbcrlf
    End If
    
    Set oRenameAccount = oComputer.MoveHere(oAccount.ADsPath, sAdministratorName)
    
    If Err = 0 Then
        oLog.Write LogWriteTime & " " & sComputer & " - Renamed Local Administrator [" & sLocalAdministrator & "] to [" & sAdministratorName & "]: True" & vbcrlf
    Else
        oLog.Write LogWriteTime & " " & sComputer & " - Renamed Local Administrator [" & sLocalAdministrator & "] to [" & sAdministratorName & "]: False" & vbcrlf
    End If
    oLog.Close()
End If
 
Function GetCurrentAdministratorName
    Dim sUserSID, oWshNetwork, oUserAccount
 
    Set oWshNetwork = CreateObject("WScript.Network")
    Set oUserAccounts = GetObject("winmgmts://" & oWshNetwork.ComputerName & "/root/cimv2").ExecQuery("Select Name, SID from Win32_UserAccount" _
        & " WHERE Domain = '" & oWshNetwork.ComputerName & "'")
 
    On Error Resume Next
        For Each oUserAccount In oUserAccounts
        If Left(oUserAccount.SID, 9) = "S-1-5-21-" And Right(oUserAccount.SID, 4) = "-500" Then
            GetCurrentAdministratorName = oUserAccount.Name
            Exit For
        End if
    Next
End Function
 
Function LogWriteTime
    LogWriteTime = "[" & Date() & " - " & Time() & "] "
End Function

Open in new window

0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Batch, VBS, and scripts in general are incredibly useful for repetitive tasks.  Some tasks can take a while to complete and it can be annoying to check back only to discover that your script finished 5 minutes ago.  Some scripts may complete nearly …
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question