Need this script to find the BUILT IN Administrator account!

Status
Not open for further replies.
Feb 11, 2005
Okay here is where I have a problem. We have about 30 different machine images to say the least. I was supplied a code in which I modified it a bit.... here is the end result.

Code:
Option Explicit
' On Error Resume Next

Dim objAdminAccount, objDevice, objFileInput, objFileOutput, objFSO, strDeviceName, strPass
Const INPUT_FILE_NAME = "Devices.txt"
Const OUTPUT_FILE_NAME = "Status.csv"

Const RENAME_ADMIN_USERS = False


Sub DestroyObjects()
    If IsObject(objAdminAccount) Then Set objAdminAccount = Nothing
    If IsObject(objDevice) Then Set objDevice = Nothing
    If IsObject(objFileInput) Then Set objFileInput = Nothing
    If IsObject(objFileOutput) Then Set objFileOutput = Nothing
    If IsObject(objFSO) Then Set objFSO = Nothing
End Sub


Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(INPUT_FILE_NAME) Then
    Set objFileInput = objFSO.OpenTextFile(INPUT_FILE_NAME)
    Set objFileOutput = objFSO.CreateTextFile(OUTPUT_FILE_NAME)
    objFileoutput.WriteLine "Device name,Status"
    Do Until objFileInput.AtEndOfStream
        strDeviceName = UCase(Trim(objFileInput.ReadLine))
        strPass = "NewSuperSecretPassword"
        On Error Resume Next
        Set objAdminAccount = GetObject("WinNT://" & strDeviceName & "/Administrator")
        If Err.Number = 0 Then
            If RENAME_ADMIN_USERS Then
                objAdminAccount.SetPassword(strPass)
                objAdminAccount.SetInfo
                Set objDevice = GetObject("WinNT://" & strDeviceName)
                objDevice.MoveHere objAdminAccount.ADsPath, "NewAccountName"
                objFileOutput.WriteLine strDeviceName & ",Modified user Administrator: renamed to Phoebe"
            Else
                objFileOutput.WriteLine strDeviceName & ",User Administrator exists but was not modified"
            End If
        Else
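            ' Clear the error left by the failed lookup above; a successful
            ' GetObject does not reset Err, so the next check would always fail.
            Err.Clear
            Set objAdminAccount = GetObject("WinNT://" & strDeviceName & "/NewAccountName")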
            If Err.Number = 0 Then
                objFileOutput.WriteLine strDeviceName & ",User NewAccountName exists and was not modified"
            Else
                objFileOutput.WriteLine strDeviceName & ",Administrative user cannot be determined"
            End If
        End If
    Loop
Else
    MsgBox "The input file (" & INPUT_FILE_NAME & ") does not exist.  Please create this file or " & _
        "modify the INPUT_FILE_NAME constant on line 32 of this script:" & vbCrLf & vbCrLf & _
        WScript.ScriptFullName & vbCrLf & vbCrLf & "to reflect the correct path.", vbCritical, _
        "Execution aborted"
    WScript.Quit 1
End If

DestroyObjects()

MsgBox "Execution completed successfully.  For more information, please view the '" & _
    OUTPUT_FILE_NAME & "' file.", vbInformation, "Execution completed"

Now this all works fine and dandy but there are a few issues.

1) Not all built in Administrators accounts are Administrator. Some have been renamed.
2) Some of the machines already have a NewAccountName but this is NOT the built in administrators account.

What I want to do is modify this script to 1) Check the machine for the built in administrators account 2) Delete out any occurrence of NewAccountName IF it is NOT the built in administrators account. Lastly 3) rename and reset the password on the account..

Part 3 really is taken care of in the script above. Part 2 I know that you can't do an account delete of a built in administrators account so I think I can just do a blanket objDevice.Delete "user", NewAccountName is this correct or will this actually do any harm if it is the built in administrators account? What I really need help figuring out how to, through VBScripting, determine the BUILT IN administrators account and manipulating ONLY that account no matter what the current name is.
 
You can not use name for that task, you must use SIDs. Here's a reference to all known SIDs:
BTW, if the local administrator account is renamed, you can not delete it. It must be renamed back to Administrator.
 
Any way to get this information without accessing WMI? One of our images has a problem and this is over 100+ computers that is on project for next year but the script bombs on accessing WMI because of the image problems we have.

Thanks for the pointers I have filed those away for future use though it won't help me with this change at this time.
 
I was thinking can I do something like -

Set objDevice = GetObject("WinNT://" & strDeviceName )
objDevice.Filter = Array( "User" )
For Each objUser.Description = "Built-in account for administering the computer/domain" In objComputer then

Set objAdminAccount = GetObject("WinNT://" & strDeviceName & "/" & objUser.Name)

This way the single account with that description should return back to the set variable of objAdminAccount no???

Should this work? Can I do an "" and a long description like that in the For line? This would keep me using ADSI and NOT relying on WMI which we would have significant fallout using WMI.
 
Well this isn't going to work for these misimages even using ADSI I wasn't able to connect.


I'll have to designate these old images as fallout because I can't remotely contact them.
 
What kind of OS are we talking about here? If WinXP are they in a domain?
 
Not that it solves the connection problem, but the WinNT provider exposes ObjectSID and GUID; one of these will match the WMI SID... I think, which means your algorithm can match that of the scriptingguy article.

Can you leverage a logon script as opposed to a remote connection?
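
The SID comparison suggested in the replies above, as an added example (not code from the thread or its participants): it walks the WinNT provider's user list and returns the account whose objectSid has the form S-1-5-21-...-500, using ADSI only and no WMI. The function names are hypothetical, and the demo call at the end targets the local machine.

```vbscript
Option Explicit

' Convert the byte array returned by the WinNT provider's objectSid
' property into an upper-case hex string (two characters per byte).
Function SidToHex(arrSid)
    Dim i
    SidToHex = ""
    For i = 1 To LenB(arrSid)
        SidToHex = SidToHex & Right("0" & Hex(AscB(MidB(arrSid, i, 1))), 2)
    Next
End Function

' True only for S-1-5-21-<a>-<b>-<c>-500: revision 1, five sub-authorities,
' authority 5, first sub-authority 21, and RID 500 (F4 01 00 00, little-endian).
Function IsBuiltinAdminSid(strHex)
    IsBuiltinAdminSid = (Len(strHex) = 56) _
        And (Left(strHex, 24) = "010500000000000515000000") _
        And (Right(strHex, 8) = "F4010000")
End Function

' Return the current name of the RID-500 account on strDeviceName,
' or "" when the machine is unreachable or no such account is found.
Function FindBuiltinAdminName(strDeviceName)
    Dim objDevice, objUser, strHex
    FindBuiltinAdminName = ""
    On Error Resume Next
    Set objDevice = GetObject("WinNT://" & strDeviceName & ",computer")
    If Err.Number <> 0 Then Exit Function
    objDevice.Filter = Array("User")
    For Each objUser In objDevice
        ' Read the SID in its own statement: if Get fails, strHex stays ""
        ' and the check below is False instead of falling into the If body.
        strHex = ""
        strHex = SidToHex(objUser.Get("objectSid"))
        If IsBuiltinAdminSid(strHex) Then
            FindBuiltinAdminName = objUser.Name
            Exit For
        End If
    Next
End Function

' Demo against the local machine (assumption: run with cscript.exe).
Dim strAdminName
strAdminName = FindBuiltinAdminName(CreateObject("WScript.Network").ComputerName)
WScript.Echo "RID-500 account name: " & strAdminName
```

Comparing the returned name with "Administrator" and "NewAccountName" shows whether an existing NewAccountName on a machine is the built-in account or a separate user before anything is renamed or removed.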
 