Re: Changing the local admin password base on the computer's OU

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Vasil Bachvarov" <v_bachvarov@xxxxxxxxxxx>
• Date: Wed, 25 Feb 2009 11:39:56 +0100

---

Hi again,

And maybe a third recommendation:

3. You can put the common code of the two IF-bodies in front of them, so you
do not have duplicate code. In case you have to change something, you would
do it only in 1 place, not in 2.
However, you should be careful that the 3 moved lines will be executed
always, regardless of the conditions (which does not seem to be a problem in
this current case).

Here is your modified code:

=================
Dim WshNetwork, Sh, fso, WSHShell
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set Sh = WScript.CreateObject("WScript.Shell")
Set fso = WScript.CreateObject("Scripting.FileSystemObject")

ComputerName = WshNetwork.ComputerName

' The following 3 lines are common for both conditions and executed before
them.
Set Shell = Wscript.CreateObject ("Wscript.Shell" )
strComputer = Shell.ExpandEnvironmentStrings ("%COMPUTERNAME%" )
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user" )

Set oGroup_TEST1 = GetObject("LDAP://CN="; & ComputerName &
",OU=TEST1,OU=Computers,OU=Modeling,DC=<domain>,DC=xx")
Set oGroup_TEST2 = GetObject("LDAP://CN="; & ComputerName &
",OU=TEST2,OU=Computers,OU=3D,DC=<domain>,DC=xx")

'Change the local admin pwd for OU TEST1
If oGroup_TEST1.IsMember("WinNT://<domain>/" & ComputerName) Then
objUser.SetInfo
objUser.SetPassword "TEST1"
ElseIf oGroup_TEST2.IsMember("WinNT://<domain>/" & ComputerName) Then
'Change the local admin pwd for OU TEST2
objUser.SetPassword "TEST2"
objUser.SetInfo
End If

=======================


"Vasil Bachvarov" <v_bachvarov@xxxxxxxxxxx> wrote in message
news:go36fv$f3e$1@xxxxxxxxxxxxxxxxx

Hi, Myrddin,

I would have two recommendations:

1. Instead of "if <condition> = true then" you can use simply "if
<condition> then". It is easier to read/write and can cause less errors.
2. In your source you check two different conditions, which does not
necesserily make them alternative.
In other words, setting oGroup_TEST1 to something and then oGroup_TEST2 to
some other thing, would mean, that both conditions can be true:

=============
If oGroup_TEST1.IsMember("WinNT://<domain>/" & ComputerName) Then
...
End If

If oGroup_TEST2.IsMember("WinNT://<domain>/" & ComputerName) Then
...
End If
=============

In this case both condition bodies (...) will be executed.

If you want to make them alternative, then you have to use Elseif:

=============
If oGroup_TEST1.IsMember("WinNT://<domain>/" & ComputerName) Then
...
Elseif oGroup_TEST2.IsMember("WinNT://<domain>/" & ComputerName) Then
...
Elseif <other conditions..>
...
End If
=============

This snippet is guaranteed to execute only one of the actions, designated
with "...".
You can use as many Elseif-s as necessary.

Best Regards,
Vasil

"Myrddin" <MyrddinMT@xxxxxxxxx> wrote in message
news:58d2752d-39a5-47cf-b9cd-8878be894b3f@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hello, I've been banging my head against the wall on this issue, hope
somone can help me out.
I have computers spread on several physical sites across the globe,
with a different OU for each site. I need to be able to change the
local admin password on each computer, depending on which OU it is a
part of.
The intent is to put thsi script in a GPO that runs everytime the
computer starts up, allowing us to cahnge local admin passwords pretty
easily.

Our AD is setup so that we have an OU for each site, then an OU for
computers in that site, then different OU's based on the department
the computer is part of (eg Real time 3D, Modeling, etc.)

This is what I've tried :

On Error Resume Next

' //////////////////////////////////////////////////////////////
' ///////////////////////// VARIABLES //////////////////////////
' //////////////////////////////////////////////////////////////

Dim WshNetwork, Sh, fso, WSHShell
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set Sh = WScript.CreateObject("WScript.Shell")
Set fso = WScript.CreateObject("Scripting.FileSystemObject")

ComputerName = WshNetwork.ComputerName

Set oGroup_TEST1 = GetObject("LDAP://CN="; & ComputerName &
",OU=TEST1,OU=Computers,OU=Modeling,DC=<domain>,DC=xx")
Set oGroup_TEST2 = GetObject("LDAP://CN="; & ComputerName &
",OU=TEST2,OU=Computers,OU=3D,DC=<domain>,DC=xx")

'Change the local admin pwd for OU TEST1
If oGroup_TEST1.IsMember("WinNT://<domain>/" & ComputerName) =
true Then
Set Shell = Wscript.CreateObject ("Wscript.Shell" )
strComputer = Shell.ExpandEnvironmentStrings ("%COMPUTERNAME
%" )
Set objUser = GetObject("WinNT://" & strComputer & "/
Administrator, user" )
objUser.SetPassword "TEST1"
objUser.SetInfo
End If

'Change the local admin pwd for OU TEST2
If oGroup_TEST2.IsMember("WinNT://<domain>/" & ComputerName) =
true Then
Set Shell = Wscript.CreateObject ("Wscript.Shell" )
strComputer = Shell.ExpandEnvironmentStrings ("%COMPUTERNAME
%" )
Set objUser = GetObject("WinNT://" & strComputer & "/
Administrator, user" )
objUser.SetPassword "TEST2"
objUser.SetInfo
End If

This doesn't seem to work though : no matter how many IF conditions I
set, the last one is always applied. i added a simple Echo telling me
which password was set and I could see that the password was actually
first changed to TEST1, then to TEST2 : it's as if the IF conditions
don't matter at all.

I'm not sure if the problem lies within my IF conditions or from the
GetObject, but I'm totally lost here.
i had a previous version of this script that instead made a check on
the computer's IP address to check with subnet it was part of
(different subnets for different sites) but we've decided to change
that in favor of an OU membership check.

Any help would be massively appreciated.

.

---

• Follow-Ups:
  • Re: Changing the local admin password base on the computer's OU
    • From: Myrddin

• References:
  • Changing the local admin password base on the computer's OU
    • From: Myrddin
  • Re: Changing the local admin password base on the computer's OU
    • From: Vasil Bachvarov

• Prev by Date: Re: Changing the local admin password base on the computer's OU
• Next by Date: Re: Changing the local admin password base on the computer's OU
• Previous by thread: Re: Changing the local admin password base on the computer's OU
• Next by thread: Re: Changing the local admin password base on the computer's OU
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Changing the local admin password base on the computers OU ... allowing us to cahnge local admin passwords pretty ... 'Change the local admin pwd for OU TEST1 ... 'Change the local admin pwd for OU TEST2 ... (microsoft.public.scripting.vbscript) Changing the local admin password base on the computers OU ... allowing us to cahnge local admin passwords pretty ... 'Change the local admin pwd for OU TEST1 ... 'Change the local admin pwd for OU TEST2 ... (microsoft.public.scripting.vbscript) Re: cracking local admin account ... problem is if gains access to the local admin passwords and every computer ... eboot disk order but don't forget to password protect access to the BIOS. ... If the user is logging into the computer as the local administrator there is ... > he can reset the local admin password and do many other things. ... (microsoft.public.security) Re: Local Workstation Admin ... >>I would like to get a feel for suggestions on the local admin account. ... > I would say that field techs might know local PC administrative level ... At the place I work we have each local Admin password set to a randomly ... group that is added to each pc in the administrators groups. ... (microsoft.public.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Scripting  > microsoft.public.scripting.vbscript  > 2009-02