Solved

How do I make a script work for Windows 7...

Posted on 2010-11-19
Last Modified: 2012-05-10
I have a script that I pieced together which accomplishes the following:  Creates Local Admin, Sets a Password, encodes the password, then writes the encoded value to the registry.

This script works perfectly in Windows XP.
For Windows 7, it creates the Admin User, but does not write the password to the registry, nor does it check the never expire and user can't change password boxes.  (These are less important but it must write the encoded password value to the registry).

Once that value is in the registry, then SCCM inventories the value and the helpdesk can un-encode the password and give the login information to a user, who needs emergency admin rights.

My scripting skills are fairly limited, but learning. I have pasted the script below:

Any advice anyone can give would be much appreciated.  If anyone likes this and would like the un-encode script, just email me!!  

Thanks!



Option Explicit
'On Error Resume Next

Dim WshShell,FSO,Env,ComputerName,PlainPassword,EncodedPassword,LMAdminExists,IsMember,Groups,Group
Dim User,Accounts,DomainOrWorkgroup,UserFlags,UserFlag

Set WshShell = WScript.CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
Set Env = WshShell.Environment("Process")


ComputerName = Env("ComputerName") ' obtain the workstation name from the local environment values cache
Set Groups = GetObject("WinNT://" & ComputerName & "") ' Read user groups from local machine
Groups.Filter = Array("group") ' filter out anything but groups from the results
For Each Group In Groups ' check each group in turn (should only be a few)
      If Group.Name = "Administrators" Then ' found the administrators group
            For Each User in Group.Members ' check each user of the administrators group in turn
              If User.Name = "LMAdmin" Then ' An account exists named LMAdmin
                    LMAdminExists = True ' set a value to refer to the fact that the LMAdmin account exists
              End If
        Next
    End If
Next


If LMAdminExists Then ' LMAdmin account has been verified to exist
      CreatePassword ' create both a new plaintext and encoded password
      ResetPassword ' set the LMAdmin account to use the newly created password
      
Else ' LMAdmin does not exist
      CreatePassword ' create both a new plaintext and encoded password
      CreateLMAdmin ' create the local LMAdmin account
      WScript.Quit ' nothing else to do so quit
End If



Sub CreateLMAdmin
      Set Accounts = GetObject("WinNT://" & ComputerName & "") ' Bind to local machine's accounts
      Set User = Accounts.Create("user", "LMAdmin") ' specify a new user named 'LMAdmin' should be created
      User.SetPassword PlainPassword ' Specify the value of the newly generated password
      User.SetInfo ' create the new account using the details specified
      Set Group = GetObject("WinNT://" & ComputerName & "/Administrators,group") ' bind to the local machine's administrators group
      Set User = GetObject("WinNT://" & ComputerName & "/LMAdmin,user") ' bind to the LMAdmin user account
      Group.Add(User.ADsPath) ' add the user to the group
      WshShell.LogEvent 0, "Local Machine Administrator account (LMAdmin) has been created successfully" ' log event to event log
      
      ' add the encoded password to the SCCM custom inventory fields ready for inventory capture
      WshShell.RegWrite "HKLM\SOFTWARE\MyKey\PWCapture",EncodedPassword,"REG_SZ"
      
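      ' set the newly created account's password to both never expire and to not be changeable
      Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
      Const ADS_UF_PASSWD_CANT_CHANGE = &H0040
      UserFlags = User.Get("UserFlags") ' read the account's current flags
      User.Put "UserFlags", UserFlags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE ' add both flags
      User.SetInfo ' commit the flag change to the account

End Sub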

Sub CreatePassword ' create a new password (both plain text and encoded)
      Dim LowNumber1,HighNumber1,LowNumber2,HighNumber2,LowNumber3,HighNumber3
      Dim Char1,Char2,Char3,Char4,Char5,Char6,Char7,Char8,Char9
      Dim LowAlgorithm,HighAlgorithm,Algorithm,AlgorithmArray,ChosenAlgorithm,AlgorithmSplit
      Dim EncodedChar1,EncodedChar2,EncodedChar3,EncodedChar4,EncodedChar5,EncodedChar6,EncodedChar7,EncodedChar8,EncodedChar9
            
      ' Create 9 sets of upper and lower character-code value ranges from which to generate each of the 9 password characters
      LowNumber1 = 97       ' a
      HighNumber1 = 122       ' z
      LowNumber2 = 65            ' A
      HighNumber2 = 90      ' Z
      LowNumber3 = 48            ' 0
      HighNumber3 = 57      ' 9
      
    Randomize ' From the character-code value ranges specified previously, randomly choose a character code
    Char1 = Int((HighNumber1 - LowNumber1 + 1) * Rnd + LowNumber1)
    Char2 = Int((HighNumber2 - LowNumber2 + 1) * Rnd + LowNumber2)
    Char3 = Int((HighNumber3 - LowNumber3 + 1) * Rnd + LowNumber3)
    Char4 = Int((HighNumber1 - LowNumber1 + 1) * Rnd + LowNumber1)
    Char5 = Int((HighNumber2 - LowNumber2 + 1) * Rnd + LowNumber2)
    Char6 = Int((HighNumber3 - LowNumber3 + 1) * Rnd + LowNumber3)
    Char7 = Int((HighNumber1 - LowNumber1 + 1) * Rnd + LowNumber1)
    Char8 = Int((HighNumber2 - LowNumber2 + 1) * Rnd + LowNumber2)
    Char9 = Int((HighNumber3 - LowNumber3 + 1) * Rnd + LowNumber3)
   
    ' Create a string of all the returned values
    PlainPassword = Chr(Char1) & Chr(Char2) & Chr(Char3) & Chr(Char4) & Chr(Char5) & Chr(Char6) & Chr(Char7) & Chr(Char8) & Chr(Char9)

      ' Create algorithms and assign one to current password creation process from 5 different sets
      LowAlgorithm = 1
      HighAlgorithm = 5
      Randomize ' From the range of 5 values choose one to use (1 through 5)
    Algorithm = Int((HighAlgorithm - LowAlgorithm + 1) * Rnd + LowAlgorithm)
   
    ' specify the values of the algorithms in an array
    AlgorithmArray = Array( "065-586-094-288-691-071-002-097-768-157",_
                                        "066-443-638-242-548-216-643-051-146-465",_
                                        "067-112-563-864-234-856-474-076-609-127",_
                                        "068-447-739-226-863-098-641-204-013-044",_
                                        "069-151-556-284-505-367-433-841-114-498")

    ChosenAlgorithm = AlgorithmArray(Algorithm -1)      ' name the chosen array value (must be minus one as VB arrays start at zero)
        AlgorithmSplit = Split(ChosenAlgorithm,"-")            ' segment the algorithm at each hyphen it contains
        EncodedChar1 = AlgorithmSplit(1) + Char1            ' calculate the encoded values for each segment
        EncodedChar2 = AlgorithmSplit(2) + Char2
        EncodedChar3 = AlgorithmSplit(3) + Char3
        EncodedChar4 = AlgorithmSplit(4) + Char4
        EncodedChar5 = AlgorithmSplit(5) + Char5
        EncodedChar6 = AlgorithmSplit(6) + Char6
        EncodedChar7 = AlgorithmSplit(7) + Char7
        EncodedChar8 = AlgorithmSplit(8) + Char8
        EncodedChar9 = AlgorithmSplit(9) + Char9

      If EncodedChar1 < 10 Then
            EncodedChar1 = "00" & EncodedChar1
      Else
            If EncodedChar1 < 100 Then
                  EncodedChar1 = "0" & EncodedChar1
            End If
      End If
      
      If EncodedChar2 < 10 Then
            EncodedChar2 = "00" & EncodedChar2
      Else
            If EncodedChar2 < 100 Then
                  EncodedChar2 = "0" & EncodedChar2
            End If
      End If
      
      If EncodedChar3 < 10 Then
            EncodedChar3 = "00" & EncodedChar3
      Else
            If EncodedChar3 < 100 Then
                  EncodedChar3 = "0" & EncodedChar3
            End If
      End If
      
      If EncodedChar4 < 10 Then
            EncodedChar4 = "00" & EncodedChar4
      Else
            If EncodedChar4 < 100 Then
                  EncodedChar4 = "0" & EncodedChar4
            End If
      End If
      
      If EncodedChar5 < 10 Then
            EncodedChar5 = "00" & EncodedChar5
      Else
            If EncodedChar5 < 100 Then
                  EncodedChar5 = "0" & EncodedChar5
            End If
      End If
      
      If EncodedChar6 < 10 Then
            EncodedChar6 = "00" & EncodedChar6
      Else
            If EncodedChar6 < 100 Then
                  EncodedChar6 = "0" & EncodedChar6
            End If
      End If
      
      If EncodedChar7 < 10 Then
            EncodedChar7 = "00" & EncodedChar7
      Else
            If EncodedChar7 < 100 Then
                  EncodedChar7 = "0" & EncodedChar7
            End If
      End If
      
      If EncodedChar8 < 10 Then
            EncodedChar8 = "00" & EncodedChar8
      Else
            If EncodedChar8 < 100 Then
                  EncodedChar8 = "0" & EncodedChar8
            End If
      End If
      
      If EncodedChar9 < 10 Then
            EncodedChar9 = "00" & EncodedChar9
      Else
            If EncodedChar9 < 100 Then
                  EncodedChar9 = "0" & EncodedChar9
            End If
      End If

      ' create a value that rejoins the encoded values again separated by a hyphen
      EncodedPassword =   AlgorithmSplit(0) & EncodedChar1 & "-" & _
                                    EncodedChar2 & EncodedChar3 & "-" & _
                                    EncodedChar4 & EncodedChar5 & "-" & _
                                    EncodedChar6 & EncodedChar7 & "-" & _
                                    EncodedChar8 & EncodedChar9
                                    
      'WScript.Echo PlainPassword & " (" & EncodedPassword & ")"                                    
End Sub

Sub ResetPassword ' Reset LMAdmin account password to new value created by CreatePassword
      Set User = GetObject("WinNT://" & ComputerName & "/LMAdmin,user") ' bind to the LMAdmin account of the local machine
      User.SetPassword PlainPassword ' specify the value to the newly generated password
      User.SetInfo ' set the password to the previously specified value
      ' add the encoded password to the SCCM custom inventory fields ready for inventory capture
      WshShell.RegWrite "HKLM\SOFTWARE\MyKey\PWCapture",EncodedPassword,"REG_SZ"
      WshShell.LogEvent 0, "Local Machine Administrator Account (LMAdmin) password has successfully been changed" ' log event to event log
End Sub

Question by:RonnieKing
Accepted Solution

by:
wlramsey earned 250 total points
ID: 34176622
I ran into some problems with some scripts that I had written a while back when we introduced Windows 7 into our environment.  The main problems that I had were with the registry edits.  I think it had something to do with the UAC interfering with the modifications.

I ended up having to use reg.exe called from my script to import a pre-made registry file.  I believe that you can also use this command to add or modify keys and values.

I might try disabling UAC on a test machine and see if your script then works.
0
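
A check the script could make before its HKLM write, given the UAC and SYSTEM-context findings in this thread. This is an added example, not code from either poster: it tests the token's integrity level with whoami /groups, then writes the value and reads it back. PWCaptureTest, IsElevated and WriteAndVerify are hypothetical names, the sample string is constructed, and the fallback when whoami.exe is missing is an assumption.

```vbscript
Option Explicit

' Hypothetical test value beside the real one, so a trial run does not overwrite PWCapture
Const TEST_VALUE = "HKLM\SOFTWARE\MyKey\PWCaptureTest"

Dim WshShell
Set WshShell = CreateObject("WScript.Shell")

' True when the token is high integrity (elevated admin, S-1-16-12288)
' or system integrity (LocalSystem, S-1-16-16384).
Function IsElevated()
    Dim Exec, Output
    ' Assumption: if whoami.exe cannot be started this is a pre-Vista system without UAC
    IsElevated = True
    On Error Resume Next
    Set Exec = WshShell.Exec("whoami.exe /groups")
    If Err.Number <> 0 Then Exit Function
    On Error GoTo 0
    Output = Exec.StdOut.ReadAll
    IsElevated = (InStr(Output, "S-1-16-12288") > 0) Or (InStr(Output, "S-1-16-16384") > 0)
End Function

' Write a REG_SZ value and read it back, so a blocked write cannot pass unnoticed.
Function WriteAndVerify(ValuePath, Data)
    Dim Stored
    WriteAndVerify = False
    On Error Resume Next
    WshShell.RegWrite ValuePath, Data, "REG_SZ"
    If Err.Number = 0 Then
        Stored = WshShell.RegRead(ValuePath)
        If Err.Number = 0 Then WriteAndVerify = (Stored = Data)
    End If
    On Error GoTo 0
End Function

If Not IsElevated() Then
    WshShell.LogEvent 1, "LMAdmin script: not elevated, HKLM write skipped"
    WScript.Quit 1
End If

' Constructed sample in the script's output format, not a real password
If WriteAndVerify(TEST_VALUE, "065683-160339-790139-054198-838210") Then
    WshShell.LogEvent 0, "LMAdmin script: registry value written and verified"
Else
    WshShell.LogEvent 1, "LMAdmin script: registry write failed or value did not read back"
    WScript.Quit 2
End If
```

A non-zero exit code lets the calling task sequence treat the missing registry value as a failed step instead of continuing without it.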
 

Assisted Solution

by:RonnieKing
RonnieKing earned 0 total points
ID: 34176685
Thanks!  I found that my script works if run in the system context using PSExec.  As I want this to run inside a task sequence this will work fine for me.  I need to check the resetting of the password though, which will need to be run when no user is logged in I guess to get the right context.  
0
 

Author Comment

by:RonnieKing
ID: 34665413
Please do not close, I will close and award the answer.
0
 

Author Closing Comment

by:RonnieKing
ID: 34700077
It adds comments.
0
