Changing Workstation passwords

G

Guest

Hello,

Looking at changing the Windows XP local administrator passwords on our domain.

If we used an SMS package that used the NET USE administrator <new password> then the new password would be stored on our sms servers in plain text.

We would like to somehow do this using encryption to store the password so unauthorised people would be unable to view this password. (wether on the SMS server or on the network in transit)

Any suggestions would be great.
 
T

Torgeir Bakken \(MVP\)

Paul said:
Looking at changing the Windows XP local administrator passwords
on our domain.

If we used an SMS package that used the NET USE administrator
<new password> then the new password would be stored on our sms
servers in plain text.

We would like to somehow do this using encryption to store the
password so unauthorised people would be unable to view this
password. (wether on the SMS server or on the network in transit)
Click to expand...
Hi

As long as the computers are joined to an Active Directory domain:

You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.

To avoid users being able to read the script where the password is
stored, grant read access only for the AD group "Domain Computers"
to the script file.


As long as the Administrator account name is "Administrator", this
vbscript will set the password on the account:

'--------------------8<----------------------
sNewPassword = "testpassword"
Set oWshNet = CreateObject("WScript.Network")
sComputer = oWshNet.ComputerName

On Error Resume Next
Set oUser = GetObject("WinNT://" & sComputer & "/Administrator,user")
oUser.SetPassword sNewPassword
oUser.SetInfo
On Error Goto 0
'--------------------8<----------------------


If you want to change the password instead of setting it (but this
means you will need to be sure that you know the old password on
all the computers), use oUser.ChangePassword instead of
oUser.SetPassword, like this:

oUser.ChangePassword "old pwd here", sNewPassword



If there is a chance that the name of the administrator is not
"Administrator" (e.g. the account is renamed, or you have some
non-English OS versions), you could use this version instead:

'--------------------8<----------------------
sNewPassword = "testpassword"
Set oWshNet = CreateObject("WScript.Network")
sComputer = oWshNet.ComputerName
sAdminName = GetAdministratorName

On Error Resume Next
Set oUser = GetObject("WinNT://" & sComputer & "/" & sAdminName & ",user")
oUser.SetPassword sNewPassword
oUser.SetInfo
On Error Goto 0


Function GetAdministratorName()

Dim sUserSID, oWshNetwork, oUserAccount

Set oWshNetwork = CreateObject("WScript.Network")
Set oUserAccounts = GetObject( _
"winmgmts://" & oWshNetwork.UserDomain & "/root/cimv2") _
.ExecQuery("Select Name, SID from Win32_UserAccount" _
& " WHERE Domain = '" & oWshNetwork.ComputerName & "'")

On Error Resume Next
For Each oUserAccount In oUserAccounts
If Left(oUserAccount.SID, 9) = "S-1-5-21-" And _
Right(oUserAccount.SID, 4) = "-500" Then
GetAdministratorName = oUserAccount.Name
Exit For
End if
Next
End Function
'--------------------8<----------------------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Editorial How to create secure passwords 6
Automated changing of local admin password on workstations? 4
Warning - Extortion Scam 2
Delete stored user names and passwords on a computer in a domain 1
Can't Save Passwords 1
Changing Passwords 4
Security update regarding your Ubisoft account - please create a new password 5
block installation on D drive 2

Top