Solved

Local Admin Passwords

Posted on 2010-08-25
11
473 Views
Last Modified: 2013-12-26
Answer Worth 500 Points!

Objective: In a 2003server / XP Client enviroment - Deploy a solution to quickly change/reset administrator local password in automation. One-time only logon change needed.

Current Solution: Scripting a logon with Group Policy to change local admin password.

Problem: Does not work with current client access- will require admin rights. An need a work around.

On Error Resume Next
Set objOU = GetObject("LDAP://OU=Computers, OU=Engineering, DC=<SERVER>, DC=LOCAL")
objOU.Filter = Array("Computer")

For Each objItem in objOU
    strComputer = objItem.CN
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    objUser.SetPassword("Password")
Next

Wscript.Echo "Passwords have been changed.!"
0
Comment
Question by:Jmarcomb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
11 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33523897
Do you have any Windows Vista/7/2008 boxes anywhere in your domain.  If you do you can use group policy preferences to do this

http://abskb.spaces.live.com/blog/cns!8834054641A09100!1071.entry?sa=500679251

Thanks

Mike
0
 

Author Comment

by:Jmarcomb
ID: 33524265
I have a few windows 7 clients. The directions in the link are unclear for me to proceed.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33524609
So with Windows 7 clients you can use GPP, Darren has a good overview here

http://www.gpoguy.com/Portals/0/Group%20Policy%20Preferences%20Overview.pdf

The XP machines will need some pre-reqs.

I'll also add the VBScript zone to this question

Thanks

Mike
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:Jmarcomb
ID: 33525600
Resarching your solution..
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 33527512
Hi, first off, the script you have should not be run at logon, because it runs against multiple computers each time it is run.

All you should need is a startup script (under Computer Configuration) applied to the OU in question, with the following code:

    Set objNetwork = CreateObject("WScript.Network")
    strComputer = objNetwork.ComputerName
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    objUser.SetPassword("Password")

Regards,

Rob.
0
 

Author Comment

by:Jmarcomb
ID: 33554154
Still working solution.. Will have an answer monday. Thanks.
0
 

Author Closing Comment

by:Jmarcomb
ID: 33562301
There are other options. This one is the best way for my network.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 33563341
Thanks for the grade.

Regards,

Rob.
0
 

Author Comment

by:Jmarcomb
ID: 33566445
Ok- I jumped the gone on this topic. It did not work with group policy from the domain controller to clients using XP. It would however work from locl machine group policy. That is not the desired effect. I want to control it from a central location.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 33572636
For it to work from domain Group Policy, you need to have it as a StartUp script, under Computer Configuration, and you should be pointing the policy to the script that you have copied directly into the NetLogon share of your domain controllers.

Regards,

Rob.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question