intensecity
IS-IT--Management
Is it possible or is there a way to change the "local administrator" password for all the machines on the network automatically...Instead of going to each machine? Thank you in advance.
Mac
Mac
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Change Local Admin Password? 4
- Thread starter intensecity
- Start date
- Status
-
2
- #2
desktoprat
MIS
Alter this as you see fit. COpy it out and save it as a VBS file. It does use whatever credentials that you are logged in with to run. So the machines you are running against need to have the same name/password combo
set fsomain=createobject("scripting.filesystemobject")
set failedmachines=fsomain.createtextfile("c:\scripts\lists\failed.txt")
set successmachines=fsomain.createtextfile("c:\scripts\lists\success.txt")
Dim txtcomputername
Dim passwrd
On Error Resume Next
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Go thru each computer and change the admin password '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Open the text file
set machines=fsomain.opentextfile("c:\scripts\lists\pcs.txt")
'Start looping through the machine names in the file
Do While not machines.AtEndOfLine
txtcomputername = machines.ReadLine
'Goto the local Admin account of the machine
set usr = GetObject("WinNT://" & txtcomputername & "/administrator,user")
'IF you have an error, write to the failed file and do not attempt to change the password
If Err Then
HandleErr()
Err.Clear
Else
passwrd = "putnewpasswordhere"
usr.SetPassword passwrd
usr.SetInfo
successmachines.WriteLine txtcomputername & " was successful"
End If
loop
'Close all open files
failedmachines.close
successmachines.close
'Present yourself a message so you'll know its finsihed
msgbox "Done"
set fsomain=nothing
set txtdata=nothing
set usr=nothing
set dellasset=nothing
Sub HandleErr()
failedmachines.WriteLine txtcomputername & " " & "was probably powered off. " & Err.Number
End Sub
set fsomain=createobject("scripting.filesystemobject")
set failedmachines=fsomain.createtextfile("c:\scripts\lists\failed.txt")
set successmachines=fsomain.createtextfile("c:\scripts\lists\success.txt")
Dim txtcomputername
Dim passwrd
On Error Resume Next
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Go thru each computer and change the admin password '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Open the text file
set machines=fsomain.opentextfile("c:\scripts\lists\pcs.txt")
'Start looping through the machine names in the file
Do While not machines.AtEndOfLine
txtcomputername = machines.ReadLine
'Goto the local Admin account of the machine
set usr = GetObject("WinNT://" & txtcomputername & "/administrator,user")
'IF you have an error, write to the failed file and do not attempt to change the password
If Err Then
HandleErr()
Err.Clear
Else
passwrd = "putnewpasswordhere"
usr.SetPassword passwrd
usr.SetInfo
successmachines.WriteLine txtcomputername & " was successful"
End If
loop
'Close all open files
failedmachines.close
successmachines.close
'Present yourself a message so you'll know its finsihed
msgbox "Done"
set fsomain=nothing
set txtdata=nothing
set usr=nothing
set dellasset=nothing
Sub HandleErr()
failedmachines.WriteLine txtcomputername & " " & "was probably powered off. " & Err.Number
End Sub
Great...I had a similar question a few weeks back and all I could find were scripts for NT4 that required a function of NETDOM.EXE that is not available in the current version. Presumably in your script, "c:\scripts\lists\pcs.txt" is a text file with all of the names of your PCs. Are they listed one PC to a line, CSV, or what?
desktoprat
MIS
My list is just a list of IP addresses. Each one on a separate line.
Edit the paths to your own needs, organization preferences, what have you.
Check out the VBScript forums. There are a lot of some interesing ideas/scripts floating around there. My script was developed through a lot of questions in that area.
Edit the paths to your own needs, organization preferences, what have you.
Check out the VBScript forums. There are a lot of some interesing ideas/scripts floating around there. My script was developed through a lot of questions in that area.
-
2
- #5
This one uses a list file with workstation names. Also uses the resource kit utility CUSRMGR.
This script renames the account as well as resets the password. Easy enough to NOT rename the account if you want ot leave it as Admin. I like to change it from a security standpoint.
'***********************************************************************************
'Rename Local Admin Account ***
'By Mark MacLachlan ***
'Purpose: renames admin account and resets password using resource kit utility CUSRMGR ***
'Creation date: 10/8/2002 ***
'Dependencies: requires local file named wslist.txt with workstation names ***
'************************************************************************************
On Error Resume Next
'open the file system object
Set oFSO = CreateObject("Scripting.FileSystemObject")
set objShell = wscript.createObject("wscript.shell")
'open the data file
Set oTextStream = oFSO.OpenTextFile("wslist.txt")
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close
For Each strWorkstation In RemotePC
'Do something useful with strWorkstation
'reset the password of !sdadmin if it exists, otherwise script will ignore
Call objShell.Run("cmd.exe /C C:\Progra~1\Resour~1\cusrmgr -u !sdadmin -m \\" & strWorkstation & " -P ""~7A49k^C""", 0, true)
'renames admin account to !sdadmin and the resets password to default
Call objShell.Run("cmd.exe /C C:\Progra~1\Resour~1\cusrmgr -u administrator -m \\" & strWorkstation & " -P ""~7A49k^C"" -r !sdadmin", 0, true)
Next
Set oFSO = Nothing
Msgbox "All done"
WScript.Quit(0)
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
This script renames the account as well as resets the password. Easy enough to NOT rename the account if you want ot leave it as Admin. I like to change it from a security standpoint.
'***********************************************************************************
'Rename Local Admin Account ***
'By Mark MacLachlan ***
'Purpose: renames admin account and resets password using resource kit utility CUSRMGR ***
'Creation date: 10/8/2002 ***
'Dependencies: requires local file named wslist.txt with workstation names ***
'************************************************************************************
On Error Resume Next
'open the file system object
Set oFSO = CreateObject("Scripting.FileSystemObject")
set objShell = wscript.createObject("wscript.shell")
'open the data file
Set oTextStream = oFSO.OpenTextFile("wslist.txt")
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close
For Each strWorkstation In RemotePC
'Do something useful with strWorkstation
'reset the password of !sdadmin if it exists, otherwise script will ignore
Call objShell.Run("cmd.exe /C C:\Progra~1\Resour~1\cusrmgr -u !sdadmin -m \\" & strWorkstation & " -P ""~7A49k^C""", 0, true)
'renames admin account to !sdadmin and the resets password to default
Call objShell.Run("cmd.exe /C C:\Progra~1\Resour~1\cusrmgr -u administrator -m \\" & strWorkstation & " -P ""~7A49k^C"" -r !sdadmin", 0, true)
Next
Set oFSO = Nothing
Msgbox "All done"
WScript.Quit(0)
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
desktoprat
MIS
Markdmac, do you have an example of how to change the user name without using cusrmgr? I am looking at the Win32_UserAccount class at the MSDN and not sure how to incorporate that line for renaming purposes.
I don't need the rest of the script, just the line for renaming purposes.
I don't need the rest of the script, just the line for renaming purposes.
desktoprat,
I think this should work for it:
objItem.Put "Name", "newAdmin"
objItem.Put "Caption","newAdmin"
objItem.SetInfo
But in order for this to work you would need to bind to the user object first (objItem) using LDAP instead of the WinNT provider.
If you manage to get this working please let me know as it would be a useful example to keep handy.
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
I think this should work for it:
objItem.Put "Name", "newAdmin"
objItem.Put "Caption","newAdmin"
objItem.SetInfo
But in order for this to work you would need to bind to the user object first (objItem) using LDAP instead of the WinNT provider.
If you manage to get this working please let me know as it would be a useful example to keep handy.
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
desktoprat
MIS
Markdmac
My environment is a very small percentage of our machines are domain, the rest of them are workgroup for the time being. Slowly we are bringing them over to an AD domain. Therefore, I didn't go with the LDAP route. As I understand it, you can't use LDAP to connect to a particular machine.
After doing some searching, I did find this
rename administrator
thread329-585172
I altered it, but would like some explanation if you don't mind. The current itertaion is as follows
'On Error Resume Next
strcomputer = wscript.Arguments (0)
Dim objWshShell, objFSO
'Initiliase a few useful bits...
Set objWshShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Rename Test account and set a few attributes
RenameUser strComputer,"test","test2","Test renamed Test2"
Msgbox "Test Account renamed"
'****************************************************************************************
'Functions and Subs below here...
'****************************************************************************************
Sub RenameUser(strDomain,strOldUsername,strNewUsername,strDescription)
Dim objComputer, objUser, objMoveUser
Set objComputer = GetObject("WinNT://" & strDomain)
Set objUser = GetObject("WinNT://" & strDomain & "/" & strOldUsername & ",user")
objUser.FullName = strDescription
objUser.Description = strDescription
objUser.SetInfo
Set objMoveUser = objComputer.MoveHere(objUser.ADsPath, strNewUsername)
Set objComputer = nothing
Set objUser = nothing
Set objMoveUser = nothing
End Sub
'****************************************************************************************
I am sure the 2 Set lines in the can be removed/altered/cleaned up. But why is the objMoveUser line necessary for a rename? The script fails when I take it out.
Also, apparently I am ok, substituting strComputer for strDomain. Presumably, whatever computer I enter at the command line will be its own 'domain' so to speak?
My environment is a very small percentage of our machines are domain, the rest of them are workgroup for the time being. Slowly we are bringing them over to an AD domain. Therefore, I didn't go with the LDAP route. As I understand it, you can't use LDAP to connect to a particular machine.
After doing some searching, I did find this
rename administrator
thread329-585172
I altered it, but would like some explanation if you don't mind. The current itertaion is as follows
'On Error Resume Next
strcomputer = wscript.Arguments (0)
Dim objWshShell, objFSO
'Initiliase a few useful bits...
Set objWshShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Rename Test account and set a few attributes
RenameUser strComputer,"test","test2","Test renamed Test2"
Msgbox "Test Account renamed"
'****************************************************************************************
'Functions and Subs below here...
'****************************************************************************************
Sub RenameUser(strDomain,strOldUsername,strNewUsername,strDescription)
Dim objComputer, objUser, objMoveUser
Set objComputer = GetObject("WinNT://" & strDomain)
Set objUser = GetObject("WinNT://" & strDomain & "/" & strOldUsername & ",user")
objUser.FullName = strDescription
objUser.Description = strDescription
objUser.SetInfo
Set objMoveUser = objComputer.MoveHere(objUser.ADsPath, strNewUsername)
Set objComputer = nothing
Set objUser = nothing
Set objMoveUser = nothing
End Sub
'****************************************************************************************
I am sure the 2 Set lines in the can be removed/altered/cleaned up. But why is the objMoveUser line necessary for a rename? The script fails when I take it out.
Also, apparently I am ok, substituting strComputer for strDomain. Presumably, whatever computer I enter at the command line will be its own 'domain' so to speak?
You are correct. The lines for
Set objWshShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Don't seem to be doing anything and should be able to be ommited.
The objMoveuser is the part that is actually renaming the account, so it can't be removed. Take a careful look at it and you will see that what it is doing is:
Set objMoveUser = Bind to ComputerName:objComputer.Tell the system to do a move(rename):MoveHere(specify old admin ID:objUser.ADsPath, specify new admin ID:strNewUsername)
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
Set objWshShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Don't seem to be doing anything and should be able to be ommited.
The objMoveuser is the part that is actually renaming the account, so it can't be removed. Take a careful look at it and you will see that what it is doing is:
Set objMoveUser = Bind to ComputerName:objComputer.Tell the system to do a move(rename):MoveHere(specify old admin ID:objUser.ADsPath, specify new admin ID:strNewUsername)
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
The script is ok, but I find it easier to just use cusrmgr from the 2K reskit.
xmsre, I agree with using CUSRMGR, if you take a look at the script that I posted above you will see that that is what I use too. main thing is if you don't use it with a script, it could take you forever to do it if you have a large environment. Scripting it makes it an easy task for large numbers of machines.
I've had to run this against several thousand computers while working for a bank. We were required to change the local admin ID & password for security reasons and there is no way I could have gotten it done as quickly as I did with the script.
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
I've had to run this against several thousand computers while working for a bank. We were required to change the local admin ID & password for security reasons and there is no way I could have gotten it done as quickly as I did with the script.
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
There is several software which does with one click. Try google and search for remote password changer but most of them u hav to buy it.
This one is my favourite coz it doesnt needs to be installed n its freeware.
This one is my favourite coz it doesnt needs to be installed n its freeware.
desktoprat
MIS
I didn't realize cusrmgr was part of the Resource Kit.
I am just very interested in learning how to script right now and thought that this might be a useful idea to learn how to do via script.
I am just very interested in learning how to script right now and thought that this might be a useful idea to learn how to do via script.
- Thread starter
- #14
intensecity
IS-IT--Management
Thanks for all the great posts, I think my problem was answer very well.. Thanks a lot.
So I started to go over this script to see how it works, and I can't figure out the password listed. Is the password included in the script as plaintext and that is the password used, or is that a hashed version of the PW? The script indicates that it resets the PW to "default".
Sorry Mark, I was referring to your script with the ~7A49k^C. The script indicates that it sets the PW to default. I took it to mean that the PW was set to "default", but I think what the comment was saying was that the password that it was using would be whatever you decided to be the organization's default PW for the admin account.
That'll teach me to not read closer.
That'll teach me to not read closer.
- Status
Similar threads
- Locked
- Question
