RE: Changing local admin PW using vb logon script - can it be enc rypted?

I have used a similar method in the past at other locations.

One of the easier ways is to run this vbscript on an administrators machine,
against all of the computers you want to change the password on, rather than
having the individual machines run the script. If you create an HTA to use
your vbscript and have two input boxes that give the username and password
that you are changing to the script as you run it, then accessing files with
a saved username and password doesn't happen.

-Frank

-----Original Message-----
From: tth8@xxxxxxxxxxx [mailto:tth8@xxxxxxxxxxx]
Sent: Thursday, December 01, 2005 11:03 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Changing local admin PW using vb logon script - can it be
encrypted?

Hi all,

Long time lurker, first time poster. We have roughly 500 computers that
we'd like to change the local admin passwords on. We realize the security
risks of having 1 password on all of our computers and are willing to assume
that risk. We've developed a VB script that we can implement as a logon
script that works perfectly to change the password. We do not want this
script sent along as clear text if we can avoid it. Is there any way we can
encrypt this script?

We've looked at options such as using Windows permissions to either deny
Domain Users access (preventing anyone from reading the script) or allowing
only Domain Computers Read Only access...however I think that if you are
logged into a local computer you should be able to read the script. Not to
mention, if you could capture the packets, you could easily find the script
and its contents so permissions would matter at all in that scenario.

Any help and/or insight is greatly appreciated.

Best,
...tom

---------------------------------------------------------------------------
---------------------------------------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Relevant Pages

  • Re: logoff/shutdown script
    ... Are you obliged to use VBScript ?If not i can found solution ... someone tries to log off or shutdown a computer. ... I know where to save the script ... the computers. ...
    (microsoft.public.scripting.vbscript)
  • Re: Finding users in local admin groups
    ... > Here is a vbscript that you can run against a remote computer that moves ... > *local* users except 'Administrator) from the Administrators group to the ... You should also add to the script logging to a file of the ... > you moved on what computers. ...
    (microsoft.public.win2000.security)
  • Re: logoff/shutdown script
    ... Are you obliged to use VBScript ?If not i can found solution ... someone tries to log off or shutdown a computer. ... I know where to save the script ... the computers. ...
    (microsoft.public.scripting.vbscript)
  • Re: Change local administrator password ? through GPO or push script ?
    ... I would like to change the local administrator password of every computers member of my AD domain but I am not sure of the best method. ... Create a vbs script that points to the local computer and then deploy this script by GPO. ... This attribute will permit to know wich admin password is configured for this machine. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Not so Newbie
    ... The script is designed for situations like yours. ... wit 35+ computers and to go to each of those computers to individualy ... Prompt for an executable to run on each remote computer in the group. ... so you know where the deployment failed. ...
    (microsoft.public.windows.server.scripting)