
Group Policy Startup Script to Change Administrators Password

I wish to create a startup script to change the local administrator's password on all the workstations in the building.  I wish to use

net user administrator newpassword

I don't want users to be able to see or get at the password.  How can I accomplish this without them seeing it?

Thanks
Asked by: trsman
Donald Stewart (Network Administrator) commented:
Here's a script that you can use instead of a logon script   :-)

'==========================================================================
'
' NAME:        Local Admin Password Change.vbs    
'
' AUTHOR:    Gene Magerr
' EMAIL:    genemagerr@hotmail.com
'
' COMMENT:    This script will change the local administrators password
'            on all of the computers in the c:\servers.txt file.
'
' VERSION HISTORY:
' 1.0   01/17/2008  Initial release
' 1.1   01/24/2008    Did some work on the formatting in email.
'
'==========================================================================
Option Explicit
On Error Resume Next
'==========================================================================
' VARIABLE DECLARATIONS
'==========================================================================
Dim objShell, objNetwork, objFSO, TestMode, strPassword, objTextFile
Dim strComputers, arrComputer, strComputer, objUser, objUsers, arrComputers
Dim objMessages, objMessage, objEmail, strMessage, AdminName
 
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = WScript.CreateObject("WScript.Network")
Set objFSO = CreateObject("Scripting.FilesystemObject")
 
'==========================================================================
' STATIC VARIABLE ASSIGNMENTS
'==========================================================================
Const FOR_READING = 1, FOR_WRITING = 2, FOR_APPENDING = 8
 
'==========================================================================
' MAIN SCRIPT CODE
'==========================================================================
strPassword = InputBox("Please enter a new password:", "Local administrators password change.")
 'Check that user entered a password
If strPassword = "" Then
    WScript.Quit
End If
 
If Not objFSO.FileExists("c:\messages.txt") Then
objFSO.CreateTextFile("c:\messages.txt")
End If
 
Set objMessages = objFSO.OpenTextFile("c:\messages.txt", 2)
Set objTextFile = objFSO.OpenTextFile("c:\servers.txt", 1)
objMessages.WriteLine(Now & vbTab & "Starting script..." & vbCrLf)
 
strComputers = objTextFile.ReadAll
objTextFile.Close
 
arrComputers = Split(strComputers, vbCrLf)
    
 'Enumerate each server in the text file
For Each strComputer In arrComputers
 
If Len(strComputer) > 0 Then
 
On Error Resume Next
AdminName = ""   ' reset so a failed lookup cannot reuse the previous computer's account name
Set objUsers = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2").ExecQuery( _
"Select Name, SID from Win32_UserAccount WHERE Domain = '" & strComputer & "'")
 
For Each objUser In objUsers
    If Left(objUser.SID, 9) = "S-1-5-21-" And Right(objUser.SID, 4) = "-500" Then
AdminName = objUser.Name
 
Exit For
    End If
Next
 
'Connect to Administrator account on server using WinNT provider
    
    Set objUser = GetObject("WinNT://" & strComputer & "/" & AdminName & ",user")
    
     'Check if we connected to the user object successfully
    If Err.Number <> 0 Then
         'Log the error, then clear it (On Error Goto 0 here would reset Err before it is logged)
        objMessages.WriteLine Now & vbTab & "Unable to connect to Administrator user object on server " & strComputer
        objMessages.WriteLine "Error #" & Err.Number
        objMessages.WriteLine "Error Message : " & Err.Description
        objMessages.WriteLine "========================================================================"
        Err.Clear
    Else    
    
 'Change the password
        objUser.SetPassword strPassword
        objUser.SetInfo ' Save Changes
 
    If Err.Number <> 0 Then
        'Log the error, then clear it (On Error Goto 0 here would reset Err before it is logged)
        objMessages.WriteLine Now & vbTab & "Unable to change the Administrator password on server " & strComputer
        objMessages.WriteLine "Error #" & Err.Number
        objMessages.WriteLine "Error Message : " & Err.Description
        objMessages.WriteLine "========================================================================"
        Err.Clear
    
    Else
        objMessages.WriteLine Now & vbTab & "Password successfully changed on: " & strComputer
        objMessages.WriteLine "========================================================================"
    End If
  End If
End If
Next
 
objMessages.WriteLine vbCrLf & Now & vbTab & "Ending script..."
objMessages.Close
 
Set objMessages = objFSO.OpenTextFile("c:\messages.txt", 1)
strMessage = objMessages.ReadAll
objMessages.Close
 
'WScript.Echo strMessage
 
Set objEmail = CreateObject("CDO.Message")
objEmail.Sender = "sysadmins@rand.org"
objEmail.To = "gmagerr@rand.org"
objEmail.Subject = "Local Administrators Password Change Results"
 
'objEmail.TextBody = objEmail.TextBody & "This is the password I was prompted for. " & strPassword & vbCrLf & vbCrLf
objEmail.TextBody = objEmail.TextBody & strMessage
objEmail.TextBody = objEmail.TextBody & "Script ran on " & Date()
 
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "mail.rand.org"
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objEmail.Configuration.Fields.Update
'objEmail.CC = "engay@rand.org"
 
objEmail.Send
Set objEmail = Nothing
 
'==========================================================================
' SUBS AND FUNCTIONS
'==========================================================================


0
 
Mike Kline commented:
Have you used group policy preferences yet?  You can do it that way and the passwords are encrypted.  More on that feature here:
http://www.frickelsoft.net/blog/?p=116
 
So a couple years ago this same issue was discussed over at the activedir.org list.
http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/20928/view/topic/Default.aspx
One of my all time favorite discussions there; lots of great info from some of the top AD guys.
 
0
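Added example, not part of any post in this thread: a `net user` startup script and a Group Policy Preferences item both typically keep the password in SYSVOL, which every domain user can read, either in plain text or as a `cpassword` value whose AES key Microsoft has published, so this PowerShell function reports where such values are stored without printing them. The function name and the path argument are assumptions.

```powershell
# Added example: audit a SYSVOL tree for stored local-account passwords.
# Usage (path is a placeholder): Find-SysvolPasswordExposure -SysvolPath '\\<domain>\SYSVOL\<domain>'
function Find-SysvolPasswordExposure {
    param(
        [Parameter(Mandatory)] [string] $SysvolPath
    )

    # 1) Group Policy Preferences XML (Groups.xml, Services.xml, ...) with a cpassword attribute
    Get-ChildItem -Path $SysvolPath -Recurse -File -Filter *.xml -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try { [xml]$doc = Get-Content -LiteralPath $file.FullName -Raw }
            catch { return }   # not well-formed XML: skip this file
            foreach ($node in $doc.SelectNodes('//*[@cpassword]')) {
                if ($node.GetAttribute('cpassword')) {
                    [pscustomobject]@{
                        Kind    = 'GPP cpassword'
                        File    = $file.FullName
                        Account = $node.GetAttribute('userName')   # empty if the item has none
                        Detail  = 'non-empty cpassword attribute'  # value deliberately not shown
                    }
                }
            }
        }

    # 2) Scripts that pass a password to "net user" on the command line.
    #    "/switch" and "*" (interactive prompt) after the account name are not passwords.
    $pattern = '\bnet(?:\.exe)?\s+user\s+(?<acct>\S+)\s+(?![/*])\S+'
    Get-ChildItem -Path $SysvolPath -Recurse -File -Include *.bat, *.cmd, *.vbs, *.ps1 `
            -ErrorAction SilentlyContinue |
        Select-String -Pattern $pattern |
        ForEach-Object {
            [pscustomobject]@{
                Kind    = 'net user with password argument'
                File    = $_.Path
                Account = $_.Matches[0].Groups['acct'].Value
                Detail  = "line $($_.LineNumber)"   # line number only, not the line text
            }
        }
}
```

Every row returned is a password that should be rotated and removed from SYSVOL; an empty result means no match was found under the given path.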
 
nappy_d commented:
You can also use the netdom command and create a batch file like this:
  1. create a text file containing all of the computers you want to perform the task on remotely
  2. use the following command below to rename the computers
  3. For a full explanation of the netdom command, go here http://support.microsoft.com/kb/298593

FOR /F %1 IN (userlist.txt) do "netdom userd:domainname\administrator_id  /passwordd:* /usero:local_admin*


0

 
trsman (Author) commented:
mkline71,

Good info.  I will try it.  Question:  I have renamed the local administrator accounts, so although through the above I can only select administrator, will it still work on the renamed account?
0
 
Mike Kline commented:
It should still work because even though you renamed the account the SID is the same.  I'll try and test it out tomorrow to verify for you.
Thanks
Mike
0
 
trsman (Author) commented:
MKLINE71,

I was not able to get it to do anything on my XP SP3 test box.  Any idea why?  I made other changes in the same GP and they were applied.
0
 
Mike Kline commented:
No, not sure, so only the SP3 box is having issues?  It worked fine on the SP2 boxes?
0
