Local Password change

[fr8o]

Haveing never worked with VB, but having perl and java exp I tried my hand at a script to change the local password on machine I came up with this:

'| /p:newPass4LocalAdministrator

Option Explicit: Dim Named, sPasswrdAdmin, oUser
Set Named = WScript.Arguments.Named

sPasswrdAdmin = Named.Item("p")
Set oUser = GetObject("WinNT://./Administrator, user")
oUser.SetPassword(sPasswrdAdmin)
oUser.SetInfo

It works on my local machine when I run it from the command prompt, but when I place it in the startup scripts on the GP server it does not seem to run as the password does not get changed. Any ideas on why? I know that the group policy server is working because I can change the policies and those take effect.

 

[markdmac]

You would need to hard code the password in the script. As a startup script, there would be no interactive window to enter the named argument.

You also might want to take a look at my FAQ on this subject: faq329-6378

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[tsuji]

[1] It is not impossible that the Administrator account's name has been renamed on some local m/c. If that is a serious worry, you've to determine the admin's account through the listing of sid.

[2] The default name Administrator should it not be counted as a block forbidden to appear in the "new" password as a token? I mean if you mean literally [tt][blue]/p:newPass4LocalAdministrator[/blue][/tt].

Otherwise, the approach should work as a startup script.

 

[fr8o]

I wanted to document the proper usage of the variable for future is all. I was able to get this working correctly, some people got irritated because they did not have local admin rights so it threw up all over them. So does any know a way of checking "Am I a member of local administrators?

 

[markdmac]

Run NET LOCALGROUP ADMINISTRATORS from a command line.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[fr8o]

I went this route:
Private Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long

Dim l As Long
Dim sUser As String

sUser = Space$(255)
l = GetUserName(sUser, 255)

'strip null terminator

If l <> 0 Then
GetCurrentUserName = Left(sUser, InStr(sUser, Chr(0)) - 1)
Else
Err.Raise Err.LastDllError, , _
"A system call returned an error code of " _
& Err.LastDllError
End If


VerifyGroupMembers = False
Set objGroup = GetObject("WinNT://./Administrators,group")



For Each objUser In objGroup.Members

WScript.Echo "Checking group member " & objUser.Name

If( UCase( Trim( sUser ) ) = UCase( Trim( objUser.Name ) ) ) Then
WScript.Echo "Member found: "
bMemberFound = True
Exit For
End If
NEXT


The compare by itself works, but the start trying to pull up the name of the current user is not working, I get an error

line 1 char 17 expected end of statement.

 

[PHV]

You can't use API's DLL in VBScript like that.
Why not using the WshNetwork object ?

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[fr8o]

AH ha got it all together now and sorry about the mess:
'| /p:newPass4LocalAdministrator

Set objNetwork = WScript.CreateObject("WScript.Network")

sUser = objNetwork.UserName

VerifyGroupMembers = False
Set objGroup = GetObject("WinNT://./Administrators,group")



For Each objUser In objGroup.Members


If( UCase( Trim( sUser ) ) = UCase( Trim( objUser.Name ) ) ) Then

Set Named = WScript.Arguments.Named

sPasswrdAdmin = Named.Item("p")
Set oUser = GetObject("WinNT://./Administrator, user")
oUser.SetPassword(sPasswrdAdmin)
oUser.SetInfo
Exit For
End If
NEXT

Thank you!

 

[tsuji]

>I was able to get this working correctly, some people got irritated because they did not have local admin rights so it threw up all over them.
The issue shouldn't happen if it is part of the startup script. So I would guess that the set-new-password-script is eventually not (part of) the startup script after all. For startup script, it shouldn't happen and the m/c system account should have ample rights to do the set-new-password.