+ Post New Thread
Results 1 to 15 of 15
Windows Thread, Bulk Change Local Administrator Passwords. in Technical; Hi guys I just wanted to pick your brains about the above issue. We are wanting to change the local ...
  1. #1

    Join Date
    May 2006
    Location
    Leicestershire
    Posts
    345
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Bulk Change Local Administrator Passwords.

    Hi guys

    I just wanted to pick your brains about the above issue.

    We are wanting to change the local administrator password on most of out machines. All desktops are XP

    I was looking at something that could be automated. and i am aware that this could be achieved simply by using a start up script and i know the commands are available to do this.

    Now here is the twist. For security reasons, i dont want the password to be sent over the network in clear text a couple 100 times, so i am looking for a solution that would either encrypt the password to has the the ability to hash the password.

    Anyone come across something that would be able to do this

    Thanks

    N

  2. #2
    Andi's Avatar
    Join Date
    Feb 2007
    Location
    Newport, South Wales
    Posts
    276
    Thank Post
    52
    Thanked 4 Times in 4 Posts
    Rep Power
    16

    Re: Bulk Change Local Administrator Passwords.

    Microsoft have a script encoder for this purpose. I've zipped and attached it.

    We changed all our local admin passwords via a vbs startup script using an encoded script.
    Attached Files Attached Files

  3. #3
    tomscaper's Avatar
    Join Date
    Jul 2006
    Posts
    814
    Thank Post
    118
    Thanked 29 Times in 15 Posts
    Rep Power
    23

    Re: Bulk Change Local Administrator Passwords.

    would it be possible to show an example of how you set up a script to change the local admin password as i have been thinking about this but dont know how to do it.

    Thanks
    Tom

  4. #4

    Join Date
    May 2006
    Location
    Leicestershire
    Posts
    345
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Bulk Change Local Administrator Passwords.

    Thanks for that Andi

    I will give that a test later on this afternoon and see how i get on.

    Cheers Mate

    N

  5. #5

    Join Date
    May 2006
    Location
    Leicestershire
    Posts
    345
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Bulk Change Local Administrator Passwords.

    Code:
    net user Administrator password
    Obviously change "password" to whatever you want the password to be, but note if you do this via a logon scrip tthe local user would have to be an Local Administrator to do this

  6. #6
    Andi's Avatar
    Join Date
    Feb 2007
    Location
    Newport, South Wales
    Posts
    276
    Thank Post
    52
    Thanked 4 Times in 4 Posts
    Rep Power
    16

    Re: Bulk Change Local Administrator Passwords.

    This is the VBScript that we encoded and set as a startup script via GPO.

    Obviously you'd need to replace 'password' with whatever password you want.

    Code:
    Set objShell = WScript.CreateObject("WScript.Shell")
        objShell.Run "net user administrator password"

  7. #7

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,159
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    125

    Re: Bulk Change Local Administrator Passwords.

    Slightly more flash script :-)

    set oNet=createobject("wscript.network")
    sComputer=oNet.computername
    set oComputer=getobject("WinNT://" & sComputer & "/administrator")
    oComputer.setpassword "password"

  8. #8

    Join Date
    May 2006
    Location
    Leicestershire
    Posts
    345
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Bulk Change Local Administrator Passwords.

    Ive just been looking around at the encoder provided by MS but its seems to be be paper thin and a smile decoder would be able to see the script.

    Does anyone else know of a app technique to either encript the script file before transit or if there is any way to hash the password before sending it to the machine.

    Cheers

    N

  9. #9
    mrcrazy04's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire/Cheltenham, UK
    Posts
    261
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    18

    Re: Bulk Change Local Administrator Passwords.

    Not tried it, but would it work to fetch the password from an IIS setup on one of your servers using XMLHTTP and SSL?
    That way the password isn't included in the script, and isn't sent over the network in plain text either.
    Obviously it would be possible for someone to tap in the URL and get the password, so would the script be able to handle integrated authentication?

    If this concept can work, I can probably hash together the code.

  10. #10
    Andi's Avatar
    Join Date
    Feb 2007
    Location
    Newport, South Wales
    Posts
    276
    Thank Post
    52
    Thanked 4 Times in 4 Posts
    Rep Power
    16

    Re: Bulk Change Local Administrator Passwords.

    Well I thought that it might be easy to decrypt the script, so I only sent it out over the matter of a few days, making sure all stations were turned on during this period, then removing all traces of the script.

    At least it's only the local admin password.

  11. #11

    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,198
    Thank Post
    321
    Thanked 314 Times in 219 Posts
    Rep Power
    125

    Re: Bulk Change Local Administrator Passwords.

    dunno if anyone has heard of this piece of software before but its called user creation wizard.

    Its pretty easy to use, and you set everything up in the excel spreadsheet.
    If anyone does use it, the speadsheet is set up at the mo for firstname.surname.
    Attached Files Attached Files

  12. #12

    Join Date
    Jun 2007
    Posts
    19
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Bulk Change Local Administrator Passwords.

    Another thing you can do which helps is change the local admin username from "Administrator" to something else like "techadmin" - one more thing for students to work out, so even if they have the password, they still need the username.

  13. #13
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    42

    Re: Bulk Change Local Administrator Passwords.

    @Timbo343: Me thinks you posted in the wrong thread, as the software you speak of creates bulk users right?... not for bulk changing local admin password.

  14. #14

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,159
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    125

    Re: Bulk Change Local Administrator Passwords.

    Quote Originally Posted by Nij.UK
    Ive just been looking around at the encoder provided by MS but its seems to be be paper thin and a smile decoder would be able to see the script.

    Does anyone else know of a app technique to either encript the script file before transit or if there is any way to hash the password before sending it to the machine.

    Cheers

    N
    Remember that this script will be a machine startup script, not a user script. Although by default a user can browse the whole of sysvol you can change the permissions so that users can't browse to the folder where you store this script - it only needs "domain computers" to have access to it.

  15. #15

    Join Date
    May 2006
    Location
    Leicestershire
    Posts
    345
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Bulk Change Local Administrator Passwords.

    @srochford: I understand that this is a machine startup script and not a user script.

    But we dont want this script to be sent down the wire in plain text as we have a few 1000 machines that we need to apply it to, it will be sendint the script that many times down the wire in plain text therefore anyone sniffing on the network could easily get the local admin password.

    We are just looking for a more secure way to carry out the task



SHARE:
+ Post New Thread

Similar Threads

  1. Local Administrator Password
    By witch in forum Windows
    Replies: 21
    Last Post: 28th June 2007, 05:32 PM
  2. Local Administrator Password Puzzle
    By Andie in forum Windows
    Replies: 18
    Last Post: 11th February 2007, 10:14 PM
  3. Replies: 8
    Last Post: 12th November 2006, 03:02 PM
  4. Allowing staff to change kids passwords
    By Simcfc73 in forum How do you do....it?
    Replies: 28
    Last Post: 21st August 2006, 08:55 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •