Bulk Change Local Administrator Passwords.
Hi guys
I just wanted to pick your brains about the above issue.
We are wanting to change the local administrator password on most of out machines. All desktops are XP
I was looking at something that could be automated. and i am aware that this could be achieved simply by using a start up script and i know the commands are available to do this.
Now here is the twist. For security reasons, i dont want the password to be sent over the network in clear text a couple 100 times, so i am looking for a solution that would either encrypt the password to has the the ability to hash the password.
Anyone come across something that would be able to do this
Thanks
N
1 Attachment(s)
Re: Bulk Change Local Administrator Passwords.
Microsoft have a script encoder for this purpose. I've zipped and attached it.
We changed all our local admin passwords via a vbs startup script using an encoded script.
Re: Bulk Change Local Administrator Passwords.
would it be possible to show an example of how you set up a script to change the local admin password as i have been thinking about this but dont know how to do it.
Thanks
Tom
Re: Bulk Change Local Administrator Passwords.
Thanks for that Andi
I will give that a test later on this afternoon and see how i get on.
Cheers Mate
N
Re: Bulk Change Local Administrator Passwords.
Code:
net user Administrator password
Obviously change "password" to whatever you want the password to be, but note if you do this via a logon scrip tthe local user would have to be an Local Administrator to do this
Re: Bulk Change Local Administrator Passwords.
This is the VBScript that we encoded and set as a startup script via GPO.
Obviously you'd need to replace 'password' with whatever password you want.
Code:
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run "net user administrator password"
Re: Bulk Change Local Administrator Passwords.
Slightly more flash script :-)
set oNet=createobject("wscript.network")
sComputer=oNet.computername
set oComputer=getobject("WinNT://" & sComputer & "/administrator")
oComputer.setpassword "password"
Re: Bulk Change Local Administrator Passwords.
Ive just been looking around at the encoder provided by MS but its seems to be be paper thin and a smile decoder would be able to see the script.
Does anyone else know of a app technique to either encript the script file before transit or if there is any way to hash the password before sending it to the machine.
Cheers
N
Re: Bulk Change Local Administrator Passwords.
Not tried it, but would it work to fetch the password from an IIS setup on one of your servers using XMLHTTP and SSL?
That way the password isn't included in the script, and isn't sent over the network in plain text either.
Obviously it would be possible for someone to tap in the URL and get the password, so would the script be able to handle integrated authentication?
If this concept can work, I can probably hash together the code.
Re: Bulk Change Local Administrator Passwords.
Well I thought that it might be easy to decrypt the script, so I only sent it out over the matter of a few days, making sure all stations were turned on during this period, then removing all traces of the script.
At least it's only the local admin password. ;)
1 Attachment(s)
Re: Bulk Change Local Administrator Passwords.
dunno if anyone has heard of this piece of software before but its called user creation wizard.
Its pretty easy to use, and you set everything up in the excel spreadsheet.
If anyone does use it, the speadsheet is set up at the mo for firstname.surname.
Re: Bulk Change Local Administrator Passwords.
Another thing you can do which helps is change the local admin username from "Administrator" to something else like "techadmin" - one more thing for students to work out, so even if they have the password, they still need the username.
Re: Bulk Change Local Administrator Passwords.
@Timbo343: Me thinks you posted in the wrong thread, as the software you speak of creates bulk users right?... not for bulk changing local admin password.
Re: Bulk Change Local Administrator Passwords.
Quote:
Originally Posted by Nij.UK
Ive just been looking around at the encoder provided by MS but its seems to be be paper thin and a smile decoder would be able to see the script.
Does anyone else know of a app technique to either encript the script file before transit or if there is any way to hash the password before sending it to the machine.
Cheers
N
Remember that this script will be a machine startup script, not a user script. Although by default a user can browse the whole of sysvol you can change the permissions so that users can't browse to the folder where you store this script - it only needs "domain computers" to have access to it.
Re: Bulk Change Local Administrator Passwords.
@srochford: I understand that this is a machine startup script and not a user script.
But we dont want this script to be sent down the wire in plain text as we have a few 1000 machines that we need to apply it to, it will be sendint the script that many times down the wire in plain text therefore anyone sniffing on the network could easily get the local admin password.
We are just looking for a more secure way to carry out the task
