Re: Encrypted password in script

Hi,

First, you can change the password remotely with a VBScript program. Just
bind to the local administrator user object with the WinNT provider and use
the SetPassword method. This assumes sufficient permissions - you Domain
account must be a member of the local Administrators group. By default, the
group "Domain Admins" is a member of the local Administrators group, so all
members of "Domain Admins" should be able to do this. A script I have used
is similar to:

strComputer = "WST345"
Set objLocalUser = GetObject("WinNT//" & strComputer &
"/Administrator,user")
objLocalUser.SetPassword "xyz123"

Second, you can use a StartUp script (configured in Group Policy) to change
the password. Startup scripts run with System privileges on the local
computer. Of course, the password would be exposed.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
"McKirahan" <News@xxxxxxxxxxxxx> wrote in message
news:vcydnbVxV-Y3sJHZ4p2dnA@xxxxxxxxxxxxxx
"Richard Waal" <RichardWaal@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B2F60365-A0FE-4D14-AD7B-16E7EFB1EABC@xxxxxxxxxxxxxxxx
Hi McKirahan,

First of all, thank you for your quick response. Unfortunately, the
ScriptPW
COM object will not solve my problem (unless I misunderstand its use). As
I
read the Scripting Guys blog, the ScriptPW utility will only prevent the
password from being visible on screen, while I type it. In my situation,
I
create a password and embed it in the scriptfile. This is necessary
because
the script will be configured in a Group Policy, and will function as a
Start
up script. All client computer must have the same admin password
configured.

Any suggestion in how to approach this?

[snip]

Sorry, I'm not a SysAdmin. Here are some ideas for you:

Is this just a one-shot effort (to "change the password of the local
administrator account on client computers")?
If so, couldn't the login script delete itself after running?

Or, if the login script doesn't reside on the client computer,
couldn't it retrieve the new password from a file
through a script that only allows one access per workstation.





.

Relevant Pages

  • Re: Finding multiple memgers of a group
    ... someone point me to a sample script or discussion on finding multiple ... Dim objGroup, strComputer, objFSO, objTextFile ... Wscript.Echo "Members of local Administrators group on computer " & ... method and it returns True if the corresponding object is a member. ...
    (microsoft.public.scripting.vbscript)
  • Re: How to make a AD group member of the local administrators grou
    ... How can we use the script for multiple computers. ... user account to 100 computers local admin group ... ' Check if group already a member. ... group is still a member of the local Administrators group). ...
    (microsoft.public.windows.server.scripting)
  • Re: How to make a AD group member of the local administrators grou
    ... Clemens de Brouwer ... Can I use your script and replace the user ingo with the group info or do ... ' Check if group already a member. ... group is still a member of the local Administrators group). ...
    (microsoft.public.windows.server.scripting)
  • Re: Group Policy Question
    ... script, but I really want to restrict it to individual users. ... somehow that people get added to the local admins as soon as they log in. ... ' Check if user already a member. ... Admins" group is a member of the local Administrators group (which is true ...
    (microsoft.public.win2000.active_directory)
  • Re: How to make a AD group member of the local administrators grou
    ... ' Check if group already a member. ... group is still a member of the local Administrators group). ... done in a logon script, as most users should not have permission. ... And we need two domain groups to be member of the local administrators ...
    (microsoft.public.windows.server.scripting)