How do I make a script work for Windows 7...

Posted on 2010-11-19
Last Modified: 2012-05-10
I have a script that I pieced together which accomplishes the following:  Creates Local Admin, Sets a Password, encodes the password, then writes the encoded value to the registry.

This script works perfectly in Windows XP.
For Windows 7, it creates the Admin User, but does not write the password to the registry, nor does it check the never expire and user can't change password boxes.  (These are less important but it must write the encoded password value to the registry).

Once that value is in the registry, then SCCM inventories the value and the helpdesk can un-encode the password and give the login information to a user, who needs emergency admin rights.

My scripting skills are fairly limited, but learning..  I have pasted the script below:

Any advice anyone can give would be much appreciated.  If anyone likes this and would like the un-encode script, just email me!!  


Option Explicit
'On Error Resume Next

Dim WshShell,FSO,Env,ComputerName,PlainPassword,EncodedPassword,LMAdminExists,IsMember,Groups,Group
Dim User,Accounts,DomainOrWorkgroup,UserFlags,UserFlag

Set WshShell = WScript.CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
Set Env = WshShell.Environment("Process")

ComputerName = Env("ComputerName") ' obtain the workstation name from the local environment values cache
Set Groups = GetObject("WinNT://" & ComputerName & "") ' Read user groups from local machine
Groups.Filter = Array("group") ' filter out anything but groups from the results
For Each Group In Groups ' check each group in turn (should only be a few)
      If Group.Name = "Administrators" Then ' found the administrators group
            For Each User in Group.Members ' check each user of the administrators group in turn
              If User.Name = "LMAdmin" Then ' An account exists named LMAdmin
                    LMAdminExists = True ' set a value to refer to the fact that the LMAdmin account exists
              End If
            Next
      End If
Next

If LMAdminExists Then ' LMAdmin account has been verified to exist
      CreatePassword ' create both a new plaintext and encoded password
      ResetPassword ' set the LMAdmin account to use the newly created password
Else ' LMAdmin does not exist
      CreatePassword ' create both a new plaintext and encoded password
      CreateLMAdmin ' create the local LMAdmin account
      WScript.Quit ' nothing else to do so quit
End If

Sub CreateLMAdmin
      Set Accounts = GetObject("WinNT://" & ComputerName & "") ' Bind to local machine's accounts
      Set User = Accounts.Create("user", "LMAdmin") ' specify a new user named 'LMAdmin' should be created
      User.SetPassword PlainPassword ' Specify the value of the newly generated password
      User.SetInfo ' create the new account using the details specified
      Set Group = GetObject("WinNT://" & ComputerName & "/Administrators,group") ' bind to the local machine's administrators group
      Set User = GetObject("WinNT://" & ComputerName & "/LMAdmin,user") ' bind to the LMAdmin user account
      Group.Add(User.ADsPath) ' add the user to the group
      WshShell.LogEvent 0, "Local Machine Administrator account (LMAdmin) has been created successfully" ' log event to event log
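      ' add the encoded password to the SCCM custom inventory fields ready for inventory capture
      WshShell.RegWrite "HKLM\SOFTWARE\MyKey\PWCapture",EncodedPassword,"REG_SZ"
      ' set the newly created account's password to both never expire and to not be changeable
      Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
      Const ADS_UF_PASSWD_CANT_CHANGE = &H0040
      UserFlags = User.Get("UserFlags") ' read the account's current flags
      User.Put "UserFlags", UserFlags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE ' add both flags
      User.SetInfo ' commit the flag change
End Sub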

Sub CreatePassword ' create a new password (both plain text and encoded)
      Dim LowNumber1,HighNumber1,LowNumber2,HighNumber2,LowNumber3,HighNumber3
      Dim Char1,Char2,Char3,Char4,Char5,Char6,Char7,Char8,Char9
      Dim LowAlgorithm,HighAlgorithm,Algorithm,AlgorithmArray,ChosenAlgorithm,AlgorithmSplit
      Dim EncodedChar1,EncodedChar2,EncodedChar3,EncodedChar4,EncodedChar5,EncodedChar6,EncodedChar7,EncodedChar8,EncodedChar9
      ' Create 3 sets of lower and upper character-code bounds (a-z, A-Z, 0-9) from which the 9 password characters are generated
      LowNumber1 = 97       ' a
      HighNumber1 = 122       ' z
      LowNumber2 = 65            ' A
      HighNumber2 = 90      ' Z
      LowNumber3 = 48            ' 0
      HighNumber3 = 57      ' 9
    Randomize ' From the character-code value ranges specified previously, randomly choose a character code
    Char1 = Int((HighNumber1 - LowNumber1 + 1) * Rnd + LowNumber1)
    Char2 = Int((HighNumber2 - LowNumber2 + 1) * Rnd + LowNumber2)
    Char3 = Int((HighNumber3 - LowNumber3 + 1) * Rnd + LowNumber3)
    Char4 = Int((HighNumber1 - LowNumber1 + 1) * Rnd + LowNumber1)
    Char5 = Int((HighNumber2 - LowNumber2 + 1) * Rnd + LowNumber2)
    Char6 = Int((HighNumber3 - LowNumber3 + 1) * Rnd + LowNumber3)
    Char7 = Int((HighNumber1 - LowNumber1 + 1) * Rnd + LowNumber1)
    Char8 = Int((HighNumber2 - LowNumber2 + 1) * Rnd + LowNumber2)
    Char9 = Int((HighNumber3 - LowNumber3 + 1) * Rnd + LowNumber3)
    ' Create a string of all the returned values
    PlainPassword = Chr(Char1) & Chr(Char2) & Chr(Char3) & Chr(Char4) & Chr(Char5) & Chr(Char6) & Chr(Char7) & Chr(Char8) & Chr(Char9)

      ' Create algorithms and assign one to current password creation process from 5 different sets
      LowAlgorithm = 1
      HighAlgorithm = 5
      Randomize ' From the range of 5 values choose one to use (1 through 5)
    Algorithm = Int((HighAlgorithm - LowAlgorithm + 1) * Rnd + LowAlgorithm)
    ' specify the values of the algorithms in an array
    AlgorithmArray = Array( "065-586-094-288-691-071-002-097-768-157",_

    ChosenAlgorithm = AlgorithmArray(Algorithm -1)      ' name the chosen array value (must be minus one as VB arrays start at zero)
        AlgorithmSplit = Split(ChosenAlgorithm,"-")            ' segment the algorithm at each hyphen it contains
        EncodedChar1 = AlgorithmSplit(1) + Char1            ' calculate the encoded values for each segment
        EncodedChar2 = AlgorithmSplit(2) + Char2
        EncodedChar3 = AlgorithmSplit(3) + Char3
        EncodedChar4 = AlgorithmSplit(4) + Char4
        EncodedChar5 = AlgorithmSplit(5) + Char5
        EncodedChar6 = AlgorithmSplit(6) + Char6
        EncodedChar7 = AlgorithmSplit(7) + Char7
        EncodedChar8 = AlgorithmSplit(8) + Char8
        EncodedChar9 = AlgorithmSplit(9) + Char9

      ' left-pad every encoded value with zeros to a width of three digits
      If EncodedChar1 < 10 Then
            EncodedChar1 = "00" & EncodedChar1
      ElseIf EncodedChar1 < 100 Then
            EncodedChar1 = "0" & EncodedChar1
      End If
      If EncodedChar2 < 10 Then
            EncodedChar2 = "00" & EncodedChar2
      ElseIf EncodedChar2 < 100 Then
            EncodedChar2 = "0" & EncodedChar2
      End If
      If EncodedChar3 < 10 Then
            EncodedChar3 = "00" & EncodedChar3
      ElseIf EncodedChar3 < 100 Then
            EncodedChar3 = "0" & EncodedChar3
      End If
      If EncodedChar4 < 10 Then
            EncodedChar4 = "00" & EncodedChar4
      ElseIf EncodedChar4 < 100 Then
            EncodedChar4 = "0" & EncodedChar4
      End If
      If EncodedChar5 < 10 Then
            EncodedChar5 = "00" & EncodedChar5
      ElseIf EncodedChar5 < 100 Then
            EncodedChar5 = "0" & EncodedChar5
      End If
      If EncodedChar6 < 10 Then
            EncodedChar6 = "00" & EncodedChar6
      ElseIf EncodedChar6 < 100 Then
            EncodedChar6 = "0" & EncodedChar6
      End If
      If EncodedChar7 < 10 Then
            EncodedChar7 = "00" & EncodedChar7
      ElseIf EncodedChar7 < 100 Then
            EncodedChar7 = "0" & EncodedChar7
      End If
      If EncodedChar8 < 10 Then
            EncodedChar8 = "00" & EncodedChar8
      ElseIf EncodedChar8 < 100 Then
            EncodedChar8 = "0" & EncodedChar8
      End If
      If EncodedChar9 < 10 Then
            EncodedChar9 = "00" & EncodedChar9
      ElseIf EncodedChar9 < 100 Then
            EncodedChar9 = "0" & EncodedChar9
      End If

      ' create a value that rejoins the encoded values again separated by a hyphen
      EncodedPassword =   AlgorithmSplit(0) & EncodedChar1 & "-" & _
                                    EncodedChar2 & EncodedChar3 & "-" & _
                                    EncodedChar4 & EncodedChar5 & "-" & _
                                    EncodedChar6 & EncodedChar7 & "-" & _
                                    EncodedChar8 & EncodedChar9
      'WScript.Echo PlainPassword & " (" & EncodedPassword & ")"                                    
End Sub

Sub ResetPassword ' Reset LMAdmin account password to new value created by CreatePassword
      Set User = GetObject("WinNT://" & ComputerName & "/LMAdmin,user") ' bind to the LMAdmin account of the local machine
      User.SetPassword PlainPassword ' specify the value to the newly generated password
      User.SetInfo ' set the password to the previously specified value
      ' add the encoded password to the SCCM custom inventory fields ready for inventory capture
      WshShell.RegWrite "HKLM\SOFTWARE\MyKey\PWCapture",EncodedPassword,"REG_SZ"
      WshShell.LogEvent 0, "Local Machine Administrator Account (LMAdmin) password has successfully been changed" ' log event to event log
End Sub

Question by:RonnieKing
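
An added example (not part of the original posts, and not the asker's code): a VBScript helper that performs the `PWCapture` write through WMI's StdRegProv, checks access first, verifies the value afterwards and logs each failure with its return code, so a token without rights to HKLM\SOFTWARE is reported in the event log. The function name `WriteInventoryValue` and the sample value are assumptions made for the illustration.

```vbscript
Option Explicit

Const HKLM = &H80000002               ' HKEY_LOCAL_MACHINE
Const KEY_CREATE_SUB_KEY = &H0004     ' right needed to create SOFTWARE\MyKey

' Hypothetical helper (not from the original script): writes a REG_SZ value
' under HKLM and returns True only when the value can be read back unchanged.
Function WriteInventoryValue(subKey, valueName, valueData)
    Dim shell, reg, granted, rc, readBack
    WriteInventoryValue = False
    granted = False
    Set shell = CreateObject("WScript.Shell")
    Set reg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

    ' Pre-check: may the current token create subkeys under HKLM\SOFTWARE?
    rc = reg.CheckAccess(HKLM, "SOFTWARE", KEY_CREATE_SUB_KEY, granted)
    If rc <> 0 Or Not granted Then
        shell.LogEvent 1, "PWCapture: no write access to HKLM\SOFTWARE (rc=" & rc & _
            "); run elevated or in the SYSTEM context"
        Exit Function
    End If

    ' CreateKey returns 0 when the key is created or already exists.
    rc = reg.CreateKey(HKLM, subKey)
    If rc = 0 Then rc = reg.SetStringValue(HKLM, subKey, valueName, valueData)
    If rc <> 0 Then
        shell.LogEvent 1, "PWCapture: registry write failed (rc=" & rc & ")"
        Exit Function
    End If

    ' Read the value back so a missing or altered value is detected immediately.
    rc = reg.GetStringValue(HKLM, subKey, valueName, readBack)
    If rc = 0 Then
        If Not IsNull(readBack) Then
            WriteInventoryValue = (readBack = valueData)
        End If
    End If
    If Not WriteInventoryValue Then
        shell.LogEvent 1, "PWCapture: value missing after write (rc=" & rc & ")"
    End If
End Function

' Constructed sample call; in the script above this would receive EncodedPassword.
If WriteInventoryValue("SOFTWARE\MyKey", "PWCapture", "constructed-sample-value") Then
    WScript.Echo "PWCapture written and verified"
Else
    WScript.Echo "PWCapture not written; see the Application event log"
End If
```

Subkeys of HKLM\SOFTWARE inherit read access for the local Users group by default, so the stored value is readable by any local account unless the key's ACL is tightened.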

Accepted Solution

wlramsey earned 250 total points
ID: 34176622
I ran into some problems with some scripts that I had written a while back when we introduced Windows 7 into our environment.  The main problems that I had were with the registry edits.  I think it had something to do with the UAC interfering with the modifications.

I ended up having to use reg.exe called from my script to import a pre-made registry file.  I believe that you can also use this command to add or modify keys and values.

I might try disabling UAC on a test machine and see if your script then works.

Assisted Solution

RonnieKing earned 0 total points
ID: 34176685
Thanks!  I found that my script works if run in the system context using PSExec.  As I want this to run inside a task sequence this will work fine for me.  I need to check the resetting of the password though, which will need to be run when no user is logged in I guess to get the right context.  

Author Comment

ID: 34665413
Please do not close, I will close and award the answer.

Author Closing Comment

ID: 34700077
It adds comments.
