Solved

How do I make a script work for Windows 7...

Posted on 2010-11-19
5
663 Views
Last Modified: 2012-05-10
I have a script that I pieced together which accomplishes the following:  Creates Local Admin, Sets a Password, encodes the password, then writes the encoded value to the registry.

This script works perfectly in Windows XP.
For Windows 7, it creates the Admin User, but does not write the password to the registry, nor does it check the never expire and user can't change password boxes.  (These are less important but it must write the encoded password value to the registry).

Once that value is in the registry, then SCCM inventories the value and the helpdesk can un-encode the password and give the login information to a user, who needs emergency admin rights.

My scripting skills are fairly limited, but learning..  I have pasted the script below:

Any advice anyone can give would be much appreciated.  If anyone likes this and would like the un-encode script, just email me!!  

Thanks!



Option Explicit
'On Error Resume Next

Dim WshShell,FSO,Env,ComputerName,PlainPassword,EncodedPassword,LMAdminExists,IsMember,Groups,Group
Dim User,Accounts,DomainOrWorkgroup,UserFlags,UserFlag

Set WshShell = WScript.CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
Set Env = WshShell.Environment("Process")


ComputerName = Env("ComputerName") ' obtain tthe workstation name from the local environment values cache
Set Groups = GetObject("WinNT://" & ComputerName & "") ' Read user groups from local machine
Groups.Filter = Array("group") ' filter out anything but groups from the results
For Each Group In Groups ' check each group in turn (should only be a few)
      If Group.Name = "Administrators" Then ' found the administrators group
            For Each User in Group.Members ' check each user of the administrators group in turn
              If User.Name = "LMAdmin" Then ' An account exists named LMAdmin
                    LMAdminExists = True ' set a value to refer to the fact that the LMAdmin account exists
              End If
        Next
    End If
Next


If LMAdminExists Then ' LMAdmin account has been verified to exist
      CreatePassword ' create both a new plaintext and encoded password
      ResetPassword ' set the LDAdmin account to use the newly created password
      
Else ' LMAdmin does not exist
      CreatePassword ' create both a new plaintext and encoded password
      CreateLMAdmin ' create the local LMAdmin account
      WScript.Quit ' nothing else to do so quit
End If



Sub CreateLMAdmin
      Set Accounts = GetObject("WinNT://" & ComputerName & "") ' Bind to local machine's accounts
      Set User = Accounts.Create("user", "LMAdmin") ' specify a new user named 'LMAdmin' should be created
      User.SetPassword PlainPassword ' Specify the value of the newly generated password
      User.SetInfo ' create the new account using the details specified
      Set Group = GetObject("WinNT://" & ComputerName & "/Administrators,group") ' bind to the local machine's administrators group
      Set User = GetObject("WinNT://" & ComputerName & "/LMAdmin,user") ' bind to the LDAdmin user account
      Group.Add(User.ADsPath) ' add the user to the group
      WshShell.LogEvent 0, "Local Machine Administrator account (LMAdmin) has been created successfully" ' log event to event log
      
      ' add the encoded password to the SCCM custom inventory fields ready for inventory capture
      WshShell.RegWrite "HKLM\SOFTWARE\MyKey\PWCapture",EncodedPassword,"REG_SZ"
      
      ' set the newly created account's password to both never expire and to not be changable
      Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
      Const ADS_UF_PASSWD_CANT_CHANGE = &H0040
       
       End Sub

Sub CreatePassword ' create a new password (both plain text and encoded)
      Dim LowNumber1,HighNumber1,LowNumber2,HighNumber2,LowNumber3,HighNumber3
      Dim Char1,Char2,Char3,Char4,Char5,Char6,Char7,Char8,Char9
      Dim LowAlgorithm,HighAlgorithm,Algorithm,AlgorithmArray,ChosenAlgorithm,AlgorithmSplit
      Dim EncodedChar1,EncodedChar2,EncodedChar3,EncodedChar4,EncodedChar5,EncodedChar6,EncodedChar7,EncodedChar8,EncodedChar9
            
      ' Create 9 sets of upper and lower character-code value ranges from which to generate each of the 9 password characters
      LowNumber1 = 97       ' a
      HighNumber1 = 122       ' x
      LowNumber2 = 65            ' A
      HighNumber2 = 90      ' Z
      LowNumber3 = 48            ' 0
      HighNumber3 = 57      ' 9
      
    Randomize ' From the character-code value ranges specified previously, randomly choose a character code
    Char1 = Int((HighNumber1 - LowNumber1 + 1) * Rnd + LowNumber1)
    Char2 = Int((HighNumber2 - LowNumber2 + 1) * Rnd + LowNumber2)
    Char3 = Int((HighNumber3 - LowNumber3 + 1) * Rnd + LowNumber3)
    Char4 = Int((HighNumber1 - LowNumber1 + 1) * Rnd + LowNumber1)
    Char5 = Int((HighNumber2 - LowNumber2 + 1) * Rnd + LowNumber2)
    Char6 = Int((HighNumber3 - LowNumber3 + 1) * Rnd + LowNumber3)
    Char7 = Int((HighNumber1 - LowNumber1 + 1) * Rnd + LowNumber1)
    Char8 = Int((HighNumber2 - LowNumber2 + 1) * Rnd + LowNumber2)
    Char9 = Int((HighNumber3 - LowNumber3 + 1) * Rnd + LowNumber3)
   
    ' Create a string of all the returned values
    PlainPassword = Chr(Char1) & Chr(Char2) & Chr(Char3) & Chr(Char4) & Chr(Char5) & Chr(Char6) & Chr(Char7) & Chr(Char8) & Chr(Char9)

      ' Create algorithms and assign one to current password creation process from 5 different sets
      LowAlgorithm = 1
      HighAlgorithm = 5
      Randomize ' From the range of 5 values choose one to use (1 through 5)
    Algorithm = Int((HighAlgorithm - LowAlgorithm + 1) * Rnd + LowAlgorithm)
   
    ' specify the values of the algorithms in an array
    AlgorithmArray = Array( "065-586-094-288-691-071-002-097-768-157",_
                                        "066-443-638-242-548-216-643-051-146-465",_
                                        "067-112-563-864-234-856-474-076-609-127",_
                                        "068-447-739-226-863-098-641-204-013-044",_
                                        "069-151-556-284-505-367-433-841-114-498")

    ChosenAlgorithm = AlgorithmArray(Algorithm -1)      ' name the chosen array value (must be minus one as VB arrays start at zero)
        AlgorithmSplit = Split(ChosenAlgorithm,"-")            ' segment the algorithm at each hyphen it contains
        EncodedChar1 = AlgorithmSplit(1) + Char1            ' calculate the encoded values for each segment
        EncodedChar2 = AlgorithmSplit(2) + Char2
        EncodedChar3 = AlgorithmSplit(3) + Char3
        EncodedChar4 = AlgorithmSplit(4) + Char4
        EncodedChar5 = AlgorithmSplit(5) + Char5
        EncodedChar6 = AlgorithmSplit(6) + Char6
        EncodedChar7 = AlgorithmSplit(7) + Char7
        EncodedChar8 = AlgorithmSplit(8) + Char8
        EncodedChar9 = AlgorithmSplit(9) + Char9

      If EncodedChar1 < 10 Then
            EncodedChar1 = "00" & EncodedChar1
      Else
            If EncodedChar1 < 100 Then
                  EncodedChar1 = "0" & EncodedChar1
            End If
      End If
      
      If EncodedChar2 < 10 Then
            EncodedChar2 = "00" & EncodedChar2
      Else
            If EncodedChar2 < 100 Then
                  EncodedChar2 = "0" & EncodedChar2
            End If
      End If
      
      If EncodedChar3 < 10 Then
            EncodedChar3 = "00" & EncodedChar3
      Else
            If EncodedChar3 < 100 Then
                  EncodedChar3 = "0" & EncodedChar3
            End If
      End If
      
      If EncodedChar4 < 10 Then
            EncodedChar4 = "00" & EncodedChar1
      Else
            If EncodedChar4 < 100 Then
                  EncodedChar4 = "0" & EncodedChar1
            End If
      End If
      
      If EncodedChar5 < 10 Then
            EncodedChar5 = "00" & EncodedChar5
      Else
            If EncodedChar5 < 100 Then
                  EncodedChar5 = "0" & EncodedChar5
            End If
      End If
      
      If EncodedChar6 < 10 Then
            EncodedChar6 = "00" & EncodedChar6
      Else
            If EncodedChar6 < 100 Then
                  EncodedChar6 = "0" & EncodedChar6
            End If
      End If
      
      If EncodedChar7 < 10 Then
            EncodedChar7 = "00" & EncodedChar7
      Else
            If EncodedChar7 < 100 Then
                  EncodedChar7 = "0" & EncodedChar7
            End If
      End If
      
      If EncodedChar8 < 10 Then
            EncodedChar8 = "00" & EncodedChar8
      Else
            If EncodedChar8 < 100 Then
                  EncodedChar8 = "0" & EncodedChar8
            End If
      End If
      
      If EncodedChar9 < 10 Then
            EncodedChar9 = "00" & EncodedChar9
      Else
            If EncodedChar9 < 100 Then
                  EncodedChar9 = "0" & EncodedChar9
            End If
      End If

      ' create a value that rejoins the encoded values again seperated by a hyphen
      EncodedPassword =   AlgorithmSplit(0) & EncodedChar1 & "-" & _
                                    EncodedChar2 & EncodedChar3 & "-" & _
                                    EncodedChar4 & EncodedChar5 & "-" & _
                                    EncodedChar6 & EncodedChar7 & "-" & _
                                    EncodedChar8 & EncodedChar9
                                    
      'WScript.Echo PlainPassword & " (" & EncodedPassword & ")"                                    
End Sub

Sub ResetPassword ' Reset LMAdmin account password to new value created by CreatePassword
      Set User = GetObject("WinNT://" & ComputerName & "/LMAdmin, user") ' bind to the LMAdmin account of the local machine
      User.SetPassword PlainPassword ' specify the value to the newly generated password
      User.SetInfo ' set the password to the previously specified value
      ' add the encoded password to the SCCM custom inventory fields ready for inventory capture
      WshShell.RegWrite "HKLM\SOFTWARE\MyKey\PWCapture",EncodedPassword,"REG_SZ"
      WshShell.LogEvent 0, "Local Machine Administrator Account (LMAdmin) password has successfully been changed" ' log event to event log
End Sub

0
Comment
Question by:RonnieKing
  • 3
5 Comments
 
LVL 1

Accepted Solution

by:
wlramsey earned 250 total points
ID: 34176622
I ran into some problems with some scripts that I had written a while back when we introduced Windows 7 into our environment.  The main problems that I had was with the registry edits.  I think it had something to do with the UAC interfering with the modifications.

I ended up having to use reg.exe called from my script to import a pre-made registry file.  I believe that you can also use this command to add or modify keys and values.

I might try disabling UAC on a test machine and see if your script then works.
0
 

Assisted Solution

by:RonnieKing
RonnieKing earned 0 total points
ID: 34176685
Thanks!  I found that my script works if run in the system context using PSExec.  As I want this to run inside a task sequence this will work fine for me.  I need to check the resetting of the password though, which will need to be run when no user is logged in I guess to get the right context.  
0
 

Author Comment

by:RonnieKing
ID: 34665413
Please do not close, I will close and award the answer.
0
 

Author Closing Comment

by:RonnieKing
ID: 34700077
It adds comments.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: This is the second blog post in a series on email clearinghouses (https://www.xmatters.com/alert-management/blog-email-has-failed-us?utm_campaign=70138000000ydLoAAI&utm_source=exex&utm_medium=article&utm_content=blog-post).   Every month t…
There's a better way to communicate time sensitive or critical info.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now