...or automating local administrator's password change process
--- Understanding types of logon script:
There are four types of them:
1. Group Policy logon / logoff scripts.
2. Group Policy Computer startup / shutdown scripts.
3. Domain User logon scripts.
4. Local user logon scripts.
Type 1 script executes when a USER logs on or logs off. And it executes with that user privilege.
Type 2 script executes when the COMPUTER starts up or shuts down. It executes in context of "Local System Account".
Type 3 script executes when a domain user logs on. The difference is type 3 works on all Windows versions whereas type 1 only works with Windows 2000 and up.
Type 4 script: the name says itself. It only executes when the user logs on locally.
--- Encode your [logon] script if necessary
www.microsoft.com/downloads/details.aspx?familyid
=e7877f67-c447-4873-b1b0-21f0626a6329&displaylang=en
--- Command line
net user administrator password
--- Use SysInternals' pspasswd tool
www.sysinternals.com/Utilities/PsTools.html
--- Sample user made script
'===============================================
'script : ResetAdmin.vbs
'date : March 23, 2007
'code by : Malikus (IT Operations Bank Mandiri)
'
'purpose : reset local administrator password,
' run as system account during computer
' startup from domain GPO
'================================================
On Error Resume Next
stPassword = WScript.Arguments.Item(0)
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objNetwork = CreateObject("Wscript.Network")
stCompName = objNetwork.ComputerName
if ChangePassword(stCompName,"administrator",stPassword) then
wshShell.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\SEC RET", stPassword
'WriteLog "Change password succeed"Else
WriteLog "Change password failed"
end if
Function ChangePassword(stComputer, stUser, stPassword)
Dim oUser
On Error Resume Next
Set ousEr = GetObject("WinNT://" & stComputer & "/" & stUser & ",user")
If Not IsObject(oUser) Then
WriteLog "could not retrieve user info"
ChangePassword = FALSE
Else
On Error Resume Next
oUser.setpassword stPassword
If Err <> 0 Then
WriteLog Err.Description
ChangePassword = FALSE
Else
ChangePassword = TRUE
End If
End If
End Function
Sub WriteLog(log)
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Dim fso, f
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.OpenTextFile("c:\resetadmin.log", ForAppending, True)
f.Writeline Date & ";" & Time & ";" & log
f.Close
End Sub
--- Basically there's two approaches to accomplish it
1. using logon script:
don't forget to encrypt your script
2. using remote execution:
obtain list of computernames on your domain using "net view /domain:domainname"
command and feed them to tool like pspasswd
--- Google keyword:
modify|change local administrator password logon script
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment