Re: Automated changing of local admin password on workstations?

From: "/dev/null" <bitbucket@localhost>
Date: Fri, 11 Apr 2008 07:52:00 -0600

"Barkley Bees" <barkbees@xxxxxxxxxx> wrote in message
news:emZ5VnsmIHA.3400@xxxxxxxxxxxxxxxxxxxxxxx

We want to ensure that all workstations (XP/2000) in our Active Directory
environment have their local Administrator passwords set to our specified
value. What would be the best way (best practice) to implement this
(Logon/Startup script, GPO, SMS, etc)? Appreciate any advice.

Funny coincidence....I just built a script yesterday for that exact same
purpose....

Enjoy

/dev/null

------------------------------
***Begin VBScript***

' Purpose: This script is designed to take an input file containing computer
names
' and change the local administrator user password remotely in batch
fashion.
' The script will process all machines in the input file and log any
failures
' to an output file named "Failures.txt" that will be written in the same
' folder that the script was launched from.

' Force Proper declaration of variables before usage
Option Explicit

' Declare the necessary variables to use
Dim fsInput, fsOutput, inputFile, outputFile, szUser, szaTS, szTemp,
szPassword, szAdminUser

' Create the file system object to handle input file operations
Set fSInput = CreateObject("Scripting.FileSystemObject")

' Create the file system object to handle output file operations
Set fsOutput = CreateObject("Scripting.FileSystemObject")

' Obtain the input file path / name from the user
inputFile = InputBox("Please enter the path to the text file containing the
computer names:")

' Error handling to trap lazy users inputting a null (blank) file path /
name
if inPutFile = "" Then
MsgBox("You must provide the file path for the script to function
properly, exiting now.")
WScript.Quit
End If

'Obtain the administrative account name from the user
szAdminUser = InputBox("Please enter the name of the local administrative
account to change:")

' Error handling to trap lazy users inputting a null (blank) account name
if szAdminUser = "" Then
MsgBox("You must provide an account name for the script to function
properly, exiting now.")
WScript.Quit
End If

'Obtain the new password from the user
szPassword = InputBox("Please enter the new password for the account:")

' Error handling to trap lazy users inputting a null (blank) account name
if szPassword = "" Then
MsgBox("You cannot use a blank password, exiting now.")
WScript.Quit
End If

' Create and open the file handle to a log file in the event of any
execution failures
Set outputFile = fsOutput.CreateTextFile("Failures.txt", True)

' Error handling to catch a malformed or incorrect path to the input file
If Not fsInput.FileExists(inputFile) Then
WScript.Echo "File: " & inputFile & " cannot be found."
WScript.Quit
End If

' Initialize and open the input file handle
Set szaTS = fsInput.OpenTextFile(inputFile,1)

' While there are lines of data to read from the input file
Do Until szaTS.AtEndOfStream
' If we encounter an error, continue executing and gracefully drop to
the error handling block below
on error resume next

' Read the current line from the file
szTemp = szaTS.ReadLine

' Set the path to the target system, including the name of the local
account we want to change the password for
Set szUser = GetObject("WinNT://" & szTemp & "/" & szAdminUser &
",user")

' Change the account password accordingly
szUser.setpassword szPassword

' Commit the change to the target SAM entries
szUser.setinfo

' Somewhat of a try/catch block here to intercept possible 424 (network
path not found) errors
if err = 424 then
MsgBox("System " & szTemp & " is currently unavailable." & vbCrLf &
"Check to make sure the machine:" & vbCrLf & "1. Physically exists" & vbCrLf
& "2. Is powered on" & vbCrLf & "3. Has a working network connection")
outputFile.WriteLine szTemp
end if
Loop

' Done writing to the output file, so close the file handle to it
outputFile.Close

' Done reading from the input file, so close the file handle to it
szaTS.Close

.

Prev by Date: Re: Logon Script Issues
Next by Date: Looking for the setting that prohibits saving documents to the Desktop
Previous by thread: Setting Outlook 2007 forms/tempate default directory
Next by thread: Looking for the setting that prohibits saving documents to the Desktop
Index(es):
- Date
- Thread

Relevant Pages

Protecting against dDOS bots (was: Newbie php problem)
... The form mail script posted that was used, ... requires the applicant to pass some kind of Turing test, ... Turing test if the account balance ever drops to zero. ... Log into the same account repeatedly, which consumes your credit ...
(alt.php)
Re: Entourage account setup applescript not working
... I pasted the script at the end just in case. ... When comparing the account settings on 2 computers, ... This script assists a user with the setup of his Exchange account ... Customize the network and server properties below with information ...
(microsoft.public.mac.office.entourage)
Re: Error 15401 using sp_grantlogin (not addressed by current KB articles)
... Restarting Windows 2000 resolved the problem for this particular account, ... confused when it sees a duplicate SID. ... > One way to get SQL Server to agree with the renamed NT ... > Preview (to ensure the script was created), ...
(microsoft.public.sqlserver.security)
Re: Thoughts on current error handling best practice with VBScript
... Anthony Jones also recommends not using VBS if you're concerned about ... Dim sVal ... impression about how much of an afterthought error handling has been ... you've run the script from an open command window, using cscript, Ctrl- ...
(microsoft.public.scripting.vbscript)
Re: Local account creation
... While this script works fine for my 2003 environment, ... use the script in a startup GPO so that there a generic local admin account ... Dim objNetwork, strComputer, strUser ...
(microsoft.public.windows.server.scripting)