Notification

Icon
Error

Script - Reset Local Admin Password

Posted: Tuesday, January 6, 2015 1:07:29 PM(UTC)
Bert.D

Bert.D

Member Lansweeper Developer Administration Original PosterPosts: 103
8
Like
Looks up the name of the Local Administrator and resets the password.

Rem: You need to add the password as a parameter.
Rem: If you do not add a password parameter, the password is default set to: !NewCompl3xP@ssword!

Rem: Copy the code below and save it as Reset_Local_Admin_Password.vbs at the {PackageShare}\Scripts folder

Code:

On Error Resume Next
strComputer = "."

Set oShell = CreateObject("WScript.Shell") 
sUser = "Administrator" 
sPwd = "!NewCompl3xP@ssword!" 

Set Arg = WScript.Arguments
If  Arg.Count > 0 Then
sPwd = Arg(0) 'Pass the password as parameter to the script
End if

'Get the administrator name
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_UserAccount Where LocalAccount = True")
For Each objItem in colItems
	sidAdmin = objItem.SID
	if trim(right(sidAdmin, 3)="500") and trim(left(sidAdmin,9)="S-1-5-21-") then
		
		'Echo = echo & "Name: " & objItem.Name & vbcrlf
		'Echo = echo & "SID: " & sidAdmin
		sUser =  objItem.Name
		Set oUser = GetObject("WinNT://" & strComputer & "/" & sUser) 
		 
		' Set the password 
		oUser.SetPassword sPwd 
		oUser.Setinfo 
		
		exit for
	end if
Next
Script - Reset Local Admin PasswordDownload Package
DescriptionLooks up the name of the Local Administrator ans resets the password.

Rem: You need to add the password as a parameter.
Rem: If you do not add a password parameter, the password is default set to: !NewCompl3xP@ssword!
Final ActionNothing
Max. Duration3 min(s), 0 hour(s)
RescanNo
Steps
1. Check for file
TypeCondition
SuccessGo To Step 2
FailureStop (Failure)
Conditions
File {PackageShare}\Scripts\ Reset_Local_Admin_Password.vbs Exists
2. Execute script
TypeScript
Return Codes 0,1641,3010
SuccessStop (Success)
FailureStop (Failure)
Command "{PackageShare}\Scripts\Reset_Local_Admin_Password.vbs" !NewCompl3xP@ssword!
steadhouse
#1steadhouse Member Posts: 1  
posted: 2/16/2015 5:56:55 PM(UTC)
Such a good solution - thank you! Dancing
vgopalap
#2vgopalap Member Posts: 1  
posted: 2/20/2015 1:02:16 PM(UTC)
I tried this script deployment executes fine but the password is not changing if the built in admin account is disabled and new local admin account has been created. Please let us know how to proceed in this situation
Bert.D
#3Bert.D Member Lansweeper Developer Administration Original PosterPosts: 103  
posted: 3/4/2015 3:39:10 PM(UTC)
This script is designed to change the password of the default LocalAccount.

If you want to change the password of a user, you could try something like this.
(FYI: I'm assuming you know the username)

Code:

strComputer = "."
sUser = "YourUser"
sPwd = "!NewCompl3xP@ssword!"
Set objUser = GetObject("WinNT://" & strComputer & "/" & sUser & ", user" )
objUser.SetPassword sPwd
objUser.SetInfo 



FYI: This is semi-tested code
willpolley
#4willpolley Member Posts: 5  
posted: 3/9/2015 12:02:59 AM(UTC)
If you send the password as an Arg, is it sent in a secure fashion?
Bert.D
#5Bert.D Member Lansweeper Developer Administration Original PosterPosts: 103  
posted: 3/10/2015 11:34:34 AM(UTC)
No it is not.
To make it more secure, you could add an decryption method to the script and pass the password encrypted.

In the end, the script will still be readable by everyone who has access to the share where the file resides.
pixa241
#6pixa241 Member Posts: 8  
posted: 6/3/2015 8:22:26 PM(UTC)
We have thin clients not on the domain and locked down pretty tight as far as remote access, each thin client has a password specific to itself based on the Host Name, but all usernames are the same, could I possibly use this script to change the password for all those thin clients? Our password is my%hostname%password, could I just put that variable in the script?
Bert.D
#7Bert.D Member Lansweeper Developer Administration Original PosterPosts: 103  
posted: 6/5/2015 3:55:16 PM(UTC)
Yes that's possible, you will need to change the script a little to look up the hostname and add it to your password.
tmcmanus3385@stanly.edu
#8tmcmanus3385@stanly.edu Member Posts: 4  
posted: 7/16/2015 2:06:03 PM(UTC)
We have a local admin account named scc2 and its a local admin account. I'm trying to edit this script and use it to change the password for this account on all our computers on campus. I changed the password, username and sid where needed, but its not changing the scc2 password, but it does change the local Admin account's password. I thought that was strange considering the username changed in script. I changed the password and SID in script below for security reasons, but this is basically what I'm using. I"m rookie at scripts and could use the help. Any ideas on why its not changing the password for co-optech?

On Error Resume Next
strComputer = "."

Set oShell = CreateObject("WScript.Shell")
sUser = "scc2"
sPwd = "newpasswordhere"

Set Arg = WScript.Arguments
sPwd = Arg(0) 'Pass the password as parameter to the script

'Get the administrator name
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_UserAccount Where LocalAccount = True")
For Each objItem in colItems
sidAdmin = objItem.SID
if trim(right(sidssc2, 3)="1001") and trim(left(sidAdmin,9)="S-1-5-21-333333333-22222222-111111111-1001")

then

'Echo = echo & "Name: " & objItem.Name & vbcrlf
'Echo = echo & "SID: " & sidscc2
sUser = objItem.Name
Set oUser = GetObject("WinNT://" & strComputer & "/" & sUser)

' Set the password
oUser.SetPassword sPwd
oUser.Setinfo

exit for
end if
Bert.D
#9Bert.D Member Lansweeper Developer Administration Original PosterPosts: 103  
posted: 7/16/2015 2:40:38 PM(UTC)
I'm not sure what you are trying to do there... Think
If you know the name of the user you are trying to change, don't make it too hard on yourself Angel

Code:

On Error Resume Next
strComputer = "."

Set oShell = CreateObject("WScript.Shell")
sUser = "scc2"
sPwd = "newpasswordhere"

Set oUser = GetObject("WinNT://" & strComputer & "/" & sUser)    
oUser.SetPassword sPwd 
oUser.Setinfo 
tmcmanus3385@stanly.edu
#10tmcmanus3385@stanly.edu Member Posts: 4  
posted: 7/16/2015 3:17:32 PM(UTC)
gotcha. I"m new to scripts and didn't catch the original script looked the administrators name up. I thought it was changing the password for the account named Administrator. I will give this a try. thanks
warlock1663
#11warlock1663 Member Posts: 15  
posted: 9/6/2017 9:45:44 PM(UTC)
Hi,
I know this feed is pretty old but I hope someone sees this.

Can this be used on certain OU's or will it change every password in active directory?

Thanks
sreejith
#12sreejith Member Posts: 2  
posted: 1/12/2018 2:23:02 PM(UTC)
Hi ,

How to rename user account
Florian_Eigsi
#13Florian_Eigsi Member Posts: 1  
posted: 4/12/2019 2:39:04 PM(UTC)
Hi,

I just launch one command :

Quote:
net user Administrateur YourPassword /active:yes


No vbs needed
CyberCitizen
#14CyberCitizen Member Posts: 210  
posted: 4/15/2019 12:22:09 AM(UTC)
Originally Posted by: Florian_Eigsi Go to Quoted Post
Hi,

I just launch one command :

Quote:
net user Administrateur YourPassword /active:yes


No vbs needed


I do something similar as when I joined this company the local admin password was set randomly on machines and not on others, it was a real hassle when we would get machines back having to bypass the login all the time.

So we pushed this out to every machine but also added it to our SOE.

net user administrator PASSWORD /active:yes
net accounts /MaxPWAge:UNLIMITED
net user Administrator /expires:never
REG ADD HKLM\Software\Lansweeper /v AdminAcctEnabled /t REG_DWORD /d 1

The last command is so we can report on those that have had the password set correctly, if not, we can re-deploy it via a scheduled report or some other means.
TaherMD
#15TaherMD Member Posts: 2  
posted: 7/24/2019 3:22:26 AM(UTC)
Originally Posted by: Bert.D Go to Quoted Post
No it is not.
To make it more secure, you could add an decryption method to the script and pass the password encrypted.

In the end, the script will still be readable by everyone who has access to the share where the file resides.


Hi, Could you please share how we could achieve this. (Sending an encrypted password and then decrypting it at the workstation.

Thanks.
Ricky Hignite
#16Ricky Hignite Member Posts: 1  
posted: 7/26/2019 6:30:06 PM(UTC)
Originally Posted by: TaherMD Go to Quoted Post
Originally Posted by: Bert.D Go to Quoted Post
No it is not.
To make it more secure, you could add an decryption method to the script and pass the password encrypted.

In the end, the script will still be readable by everyone who has access to the share where the file resides.


Hi, Could you please share how we could achieve this. (Sending an encrypted password and then decrypting it at the workstation.

Thanks.


Microsoft has you covered with LAPS:
https://www.microsoft.com/en-us/...ad/details.aspx?id=46899

Active Discussions

Lansweeper Asset Value Report
by  RC62N   Go to last post Go to first unread
Last post: 9/20/2019 7:12:29 PM(UTC)
Lansweeper Display Hyper-V Guest User report
by  GlenTB  
Go to last post Go to first unread
Last post: 9/20/2019 2:26:15 PM(UTC)
Report Center Windows Defender Antivirus Broken Scan Audit
by  Esben.D   Go to last post Go to first unread
Last post: 9/20/2019 12:18:02 PM(UTC)
Lansweeper Reports are empty
by  Mendoza  
Go to last post Go to first unread
Last post: 9/20/2019 11:12:18 AM(UTC)
Lansweeper Custom Helpdesk Report
by  StevoCamaro   Go to last post Go to first unread
Last post: 9/19/2019 11:13:05 PM(UTC)
Lansweeper Windows 7 EOL
by  RC62N  
Go to last post Go to first unread
Last post: 9/19/2019 4:42:11 PM(UTC)
Lansweeper Drive Encryption statuses
by  DFox   Go to last post Go to first unread
Last post: 9/19/2019 12:54:06 PM(UTC)
Lansweeper Patch Tuesday report, last 3 months
by  Esben.D  
Go to last post Go to first unread
Last post: 9/19/2019 10:55:07 AM(UTC)