Re: Password change script using group policy

Tech-Archive recommends: Fix windows errors by optimizing your registry

Vijesh Rajan wrote:
Hi,



We have more than 600 computers in our network and we want to change the local administrator user name and password periodically and doing all manually requires lot of time so we can one script to do that while running this script it will rename the local administrator name and password it detects the administrator with its SID.



Please find the script below of the mail.



Unfortunately this script is not working can some one help us to fine tune this script and help us in term of how to use this script effectively.



Thanks in advance.



Thanks & Regards,

Rajvilas.



..................Script File is here...........





------------------------------ Begining of Script-----------------------------------------------------------



'script: "ModifyLocalAdministrator.vbs"


'*\\this visual basic script can:
' "Rename and reset the local Administrator account at startup"
'
'*\\characteristics of this scripting:
' "no need to publish the administrator password in this code"
' "no need to know the current logon name/passw for the Administrator"

'
'This script must be runned trough a
'Computerconfiguration GPO
'Put this script in a folder called:
' \\'ADdomainname'\NetLogOn\StartUpScripts

'Edit the GPO that is linked_to -=or=-
'inherited_by the OU containing the workstations:
'+Computer Configuration/+Windows Settings/+Scripts/Startup
'click on [Add...]
'+------------------------------------------+
'|Scriptname:
'| 'ADdomainname'\SysVol\'FullDomainname'\StartUpScripts\ModifyLocalAdministrator.vbs
'|
'|Use Script Parameters:
'| /u:newNameAdministrator /p:newPass4LocalAdministrator
'+------------------------------------------+
'where:'ADdomainname' and 'FullDomainname' is the Active Directory Domain name
' And: newNameAdministrator and newPass4LocalAdministrator are the new credentials
' for the local administrator account to be set on each client computer

'NOTE! /p:.... <--- must meet the domain or local password requirements!!!
'


Option Explicit: Dim Named, sNewAdminName, sPasswrdAdmin
On Error Resume Next
Set Named = WScript.Arguments.Named
sNewAdminName = Null'>
sPasswrdAdmin = Null'>

If Named.Exists("u") Then sNewAdminName = Named.Item("u")
If Named.Exists("p") Then sPasswrdAdmin = Named.Item("p")

If Not IsNull(sNewAdminName & sPasswrdAdmin) Then
updateAdministrator()
Else
Err.Raise 100, WScript.ScriptName, "at least one parameter is required"
End If

If Err.Number <> 0 Then ErrorSnd(Err.Number)
Err.Clear '(undo: err.raise )
sNewAdminName="<done"'successfully>
sPasswrdAdmin="<done"'successfully>

wscript.quit 0



Sub updateAdministrator()
Dim regEx, objWMIService, colAccounts, objAccount, objUser, getName
Set regEx = New RegExp
regEx.IgnoreCase = False
regEx.Pattern = "^S-1-5-21-\d{8,}-\d{8,}-\d{8,}-500$"
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
set colAccounts = objWMIService.ExecQuery("select * From Win32_UserAccount" &_
" Where LocalAccount = TRUE")
For each objAccount in colAccounts
If regEx.Test(objAccount.SID) then
If Not IsNull(sPasswrdAdmin) Then
set objUser = GetObject("WinNT://./" & objAccount.Name)
objUser.SetPassword(sPasswrdAdmin)
End If
If Not IsNull(sNewAdminName) Then objAccount.Rename sNewAdminName
exit Sub 'no need for continue searching
End If
Next
End Sub

Sub ErrorSnd(code)
Dim objShell, oWshEnvironment, strSoundFile
Set objShell = CreateObject("Wscript.Shell")
Set oWshEnvironment = objShell.Environment("Process")
strSoundFile = oWshEnvironment("SystemRoot") & "\media\Defsound.wav"
objShell.Run "sndrec32 /play /close " & chr(34) & strSoundFile & chr(34), 0, False
Set objShell = Nothing
Set oWshEnvironment = Nothing
End Sub


--------------------------------- End of Script-----------------------------------------------------------



Can you successfully run the script manually when logged on with admin credentials? If not, what errors are you getting? You might need to comment out On Error Resume Next so if there are errors you can see what they are. You have to verify the script runs fine manually before you can set it up as a computer start up script.

--
Jeffery Hicks
SAPIEN Technologies - Scripting, Simplified. www.SAPIEN.com
VBScript & Windows PowerShell Training - www.ScriptingTraining.com/classes.asp
Windows PowerShell? - www.SAPIENPress.com/powershell.asp

blog: http://blog.SAPIEN.com
blog: http://jdhitsolutions.blogspot.com
.

Relevant Pages

  • Re: Detecting is hyperthreading is enabled with WMI?
    ... It is too bad that WMI does not give this info. ... have to be done to the script. ... Public Sub DisplayProcessorInfo ... dim ProcessorSet, Processor ...
    (microsoft.public.windowsxp.wmi)
  • Cant make this page work
    ... I can't make this script work properly. ... The script at the bottom of the html page ... Does someone have a perl ... sub output_trace_headers { ...
    (comp.lang.javascript)
  • Re: Maybe I should try a different approach
    ... entire time my script is running, then have it close when my script is done and maybe have some dots keep adding to the text message until the script is fully completed? ... ' The "Three Ugly Hack" Script, ... Sub oATO_vbTimerEvent' timer event handler... ... Public Property Let Left ...
    (microsoft.public.scripting.vbscript)
  • Re: Win32_Product doesnt list all installed Applications
    ... 'Must have ADSI and WMI installed on PC running script. ... CONST ForReading = 1 ... Sub Connect ... strHTML = "Smoke'm if you Got'em" ...
    (microsoft.public.windows.server.scripting)
  • Win32_Product doesnt list all installed Applications
    ... 'Must have ADSI and WMI installed on PC running script. ... CONST ForReading = 1 ... Sub Connect ... strHTML = "Smoke'm if you Got'em" ...
    (microsoft.public.windows.server.scripting)