RE: Changing local admin PW using vb logon script - can it be encrypted?



Hi Robert, thanks for the link. I was unaware of this piece of Microsoft
software. Have (or has anyone) had success in getting this to work? I have
successfully encoded my script but running it on my computer doesn't seem to
work. I have a WScript.echo "I'm Done" command at the end of the script
that never comes up once encoded which also tells me that the script hasn't
run. Not to mention the fact that password isn't changed. Can someone tell
me if I'm doing something wrong? I could post the script if that will help.

-----Original Message-----
From: Brower, Robert [mailto:brower@xxxxxxxxxxxxxxxxx]
Sent: Friday, December 02, 2005 10:56 AM
To: tth8@xxxxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Changing local admin PW using vb logon script - can it be
encrypted?


Microsoft has a script encoder you can download here. It works fine,
but isn't very strong encryption. If you're just looking to hide your
script from casual viewing this is a great product.

http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4
873-B1B0-21F0626A6329&displaylang=en


-----Original Message-----
From: tth8@xxxxxxxxxxx [mailto:tth8@xxxxxxxxxxx]
Sent: Thursday, December 01, 2005 12:03 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Changing local admin PW using vb logon script - can it be
encrypted?

Hi all,

Long time lurker, first time poster. We have roughly 500 computers that
we'd like to change the local admin passwords on. We realize the
security risks of having 1 password on all of our computers and are
willing to assume that risk. We've developed a VB script that we can
implement as a logon script that works perfectly to change the password.
We do not want this script sent along as clear text if we can avoid it.
Is there any way we can encrypt this script?

We've looked at options such as using Windows permissions to either deny
Domain Users access (preventing anyone from reading the script) or
allowing only Domain Computers Read Only access...however I think that
if you are logged into a local computer you should be able to read the
script. Not to mention, if you could capture the packets, you could
easily find the script and its contents so permissions would matter at
all in that scenario.

Any help and/or insight is greatly appreciated.

Best,
...tom

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------



Relevant Pages

  • Re: Finding users in local admin groups
    ... > Here is a vbscript that you can run against a remote computer that moves ... > *local* users except 'Administrator) from the Administrators group to the ... You should also add to the script logging to a file of the ... > you moved on what computers. ...
    (microsoft.public.win2000.security)
  • Re: Change local administrator password ? through GPO or push script ?
    ... I would like to change the local administrator password of every computers member of my AD domain but I am not sure of the best method. ... Create a vbs script that points to the local computer and then deploy this script by GPO. ... This attribute will permit to know wich admin password is configured for this machine. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Not so Newbie
    ... The script is designed for situations like yours. ... wit 35+ computers and to go to each of those computers to individualy ... Prompt for an executable to run on each remote computer in the group. ... so you know where the deployment failed. ...
    (microsoft.public.windows.server.scripting)
  • Re: Deploy password change ? How to encrypt VBS ? or any other method ?
    ... Assuming a vbscript where the passwords are changed from a remote system, you can also plan to encrypt the communications between that system and the destination Servers. ... Moreover, if it is deployed with Landesk (and so a script), we only need to be sure that the landesk service is up. ... If we deploy it remotely with your script, we will need to verify some other requirements like File and print sharing on (and we know that some computers have disabled it). ...
    (microsoft.public.windows.server.active_directory)
  • Re: VBscript that restart the domain comptuer
    ... If you have a shutdown script that cleans up the profiles, ... permissions can restart all computers in a list remotely. ... I have already VB script I ...
    (microsoft.public.windows.server.active_directory)