Windows Thread, Bulk Change Local Administrator Passwords. in Technical; Hi guys
I just wanted to pick your brains about the above issue.
We are wanting to change the local ...
I just wanted to pick your brains about the above issue.
We are wanting to change the local administrator password on most of out machines. All desktops are XP
I was looking at something that could be automated. and i am aware that this could be achieved simply by using a start up script and i know the commands are available to do this.
Now here is the twist. For security reasons, i dont want the password to be sent over the network in clear text a couple 100 times, so i am looking for a solution that would either encrypt the password to has the the ability to hash the password.
Anyone come across something that would be able to do this
would it be possible to show an example of how you set up a script to change the local admin password as i have been thinking about this but dont know how to do it.
Obviously change "password" to whatever you want the password to be, but note if you do this via a logon scrip tthe local user would have to be an Local Administrator to do this
Ive just been looking around at the encoder provided by MS but its seems to be be paper thin and a smile decoder would be able to see the script.
Does anyone else know of a app technique to either encript the script file before transit or if there is any way to hash the password before sending it to the machine.
Not tried it, but would it work to fetch the password from an IIS setup on one of your servers using XMLHTTP and SSL?
That way the password isn't included in the script, and isn't sent over the network in plain text either.
Obviously it would be possible for someone to tap in the URL and get the password, so would the script be able to handle integrated authentication?
If this concept can work, I can probably hash together the code.
Well I thought that it might be easy to decrypt the script, so I only sent it out over the matter of a few days, making sure all stations were turned on during this period, then removing all traces of the script.
dunno if anyone has heard of this piece of software before but its called user creation wizard.
Its pretty easy to use, and you set everything up in the excel spreadsheet.
If anyone does use it, the speadsheet is set up at the mo for firstname.surname.
Another thing you can do which helps is change the local admin username from "Administrator" to something else like "techadmin" - one more thing for students to work out, so even if they have the password, they still need the username.
@Timbo343: Me thinks you posted in the wrong thread, as the software you speak of creates bulk users right?... not for bulk changing local admin password.
Ive just been looking around at the encoder provided by MS but its seems to be be paper thin and a smile decoder would be able to see the script.
Does anyone else know of a app technique to either encript the script file before transit or if there is any way to hash the password before sending it to the machine.
Cheers
N
Remember that this script will be a machine startup script, not a user script. Although by default a user can browse the whole of sysvol you can change the permissions so that users can't browse to the folder where you store this script - it only needs "domain computers" to have access to it.
@srochford: I understand that this is a machine startup script and not a user script.
But we dont want this script to be sent down the wire in plain text as we have a few 1000 machines that we need to apply it to, it will be sendint the script that many times down the wire in plain text therefore anyone sniffing on the network could easily get the local admin password.
We are just looking for a more secure way to carry out the task
LinkBack URL
About LinkBacks
Reply With Quote
Originally Posted by Nij.UK 
