Re: Changing Workstation passwords

From: Torgeir Bakken (MVP) (Torgeir.Bakken-spam_at_hydro.com)
Date: 07/06/04


Date: Tue, 06 Jul 2004 18:50:08 +0200

Paul wrote:

> Looking at changing the Windows XP local administrator passwords
> on our domain.
>
> If we used an SMS package that used the NET USE administrator
> <new password> then the new password would be stored on our sms
> servers in plain text.
>
> We would like to somehow do this using encryption to store the
> password so unauthorised people would be unable to view this
> password. (whether on the SMS server or on the network in transit)

Hi

As long as the computers are joined to an Active Directory domain:

You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.

To avoid users being able to read the script where the password is
stored, grant read access only for the AD group "Domain Computers"
to the script file.

As long as the Administrator account name is "Administrator", this
vbscript will set the password on the account:

'--------------------8<----------------------
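' New password for the local Administrator account
sNewPassword = "testpassword"
Set oWshNet = CreateObject("WScript.Network")
sComputer = oWshNet.ComputerName

' Bind to the local account through the WinNT provider and set the password.
' Errors are suppressed, so a failure is silent.
On Error Resume Next
Set oUser = GetObject("WinNT://" & sComputer & "/Administrator,user")
oUser.SetPassword sNewPassword
oUser.SetInfo
On Error Goto 0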
'--------------------8<----------------------

If you want to change the password instead of setting it (but this
means you will need to be sure that you know the old password on
all the computers), use oUser.ChangePassword instead of
oUser.SetPassword, like this:

oUser.ChangePassword "old pwd here", sNewPassword

If there is a chance that the name of the administrator is not
"Administrator" (e.g. the account is renamed, or you have some
non-English OS versions), you could use this version instead:

'--------------------8<----------------------
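' New password for the built-in local administrator account
sNewPassword = "testpassword"
Set oWshNet = CreateObject("WScript.Network")
sComputer = oWshNet.ComputerName
' Look the account name up by its SID instead of assuming "Administrator"
sAdminName = GetAdministratorName

' Errors are suppressed, so a failure is silent.
On Error Resume Next
Set oUser = GetObject("WinNT://" & sComputer & "/" & sAdminName & ",user")
oUser.SetPassword sNewPassword
oUser.SetInfo
On Error Goto 0

' Returns the name of the local account whose SID ends in -500
' (the built-in administrator), whatever it has been renamed to.
Function GetAdministratorName()

   Dim oWshNetwork, oUserAccounts, oUserAccount

   Set oWshNetwork = CreateObject("WScript.Network")
   ' Connect to WMI on the local computer (ComputerName, not UserDomain,
   ' which is the domain name when the caller is not a local account)
   ' and list the accounts that belong to the local machine.
   Set oUserAccounts = GetObject( _
        "winmgmts://" & oWshNetwork.ComputerName & "/root/cimv2") _
        .ExecQuery("Select Name, SID from Win32_UserAccount" _
      & " WHERE Domain = '" & oWshNetwork.ComputerName & "'")

   On Error Resume Next
   For Each oUserAccount In oUserAccounts
     If Left(oUserAccount.SID, 9) = "S-1-5-21-" And _
        Right(oUserAccount.SID, 4) = "-500" Then
       GetAdministratorName = oUserAccount.Name
       Exit For
     End If
   Next
End Function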
'--------------------8<----------------------

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx
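
Added example (not part of the original post): a PowerShell check for the ACL restriction described in the reply, listing every principal outside an expected set that holds read access to the startup script. The function name, the allow-list and the sample path are assumptions made for illustration.

```powershell
# Added example: report who can read a startup script that embeds a password.
# Get-UnexpectedScriptReader, the allow-list and the path are assumptions.
function Get-UnexpectedScriptReader {
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,
        # Principals expected to hold read access (assumed allow-list).
        [string[]] $AllowedPattern = @(
            '\\Domain Computers$',
            '\\Domain Admins$',
            '^NT AUTHORITY\\SYSTEM$',
            '^BUILTIN\\Administrators$'
        )
    )

    # ReadData plus the GENERIC_READ and GENERIC_ALL bits an ACE may carry.
    $readMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData `
                -bor 0x80000000 -bor 0x10000000
    $acl = Get-Acl -LiteralPath $ScriptPath

    foreach ($rule in $acl.Access) {
        # Only Allow entries that include a read right are of interest.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $readMask) -eq 0) { continue }

        $who = $rule.IdentityReference.Value
        $expected = $false
        foreach ($pattern in $AllowedPattern) {
            if ($who -match $pattern) { $expected = $true; break }
        }
        if (-not $expected) {
            # Emit one object per unexpected reader (e.g. Authenticated Users).
            [pscustomobject]@{
                Identity  = $who
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Constructed sample path; replace with the real location of the script.
$path = '\\example.local\SYSVOL\example.local\scripts\setpw.vbs'
if (Test-Path -LiteralPath $path) {
    Get-UnexpectedScriptReader -ScriptPath $path | Format-Table -AutoSize
} else {
    Write-Warning "Script not found: $path"
}
```

An empty result means only the expected principals can read the file; an inherited entry in the output points at the parent folder's ACL as the place to fix.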

