Change Password

Discussion in 'Scripting' started by Tom, Mar 4, 2009.

  1. Tom

    Tom Guest

    Hi all,

    I am trying to write vb script to change the local admin password.
    As of now I have this and it does the job.

    strComputer = "."
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    objUser.SetPassword "1234"

    I would like to add an If statement that if the password is already 1234
    then it should exit.


    Thanks,

    Tom
     
    Tom, Mar 4, 2009
    #1
    1. Advertisements

  2. You can not read the current password. The only way to tell the current
    value is to try to authenticate with an candidate value and trap the error
    if the candidate is wrong. If there is no error, you have the correct
    password. In VBScript you could attempt to bind to something with alternate
    credentials. Of course you up the bad password count so you could contribute
    to an account lockout.

    And, it seems like it shouldn't matter, except for when the password will
    next expire.
     
    Richard Mueller [MVP], Mar 4, 2009
    #2
    1. Advertisements

  3. Tom

    Tom Guest

    Richard,
    Thank you for your your response.

    Would you mind provide the syntax of how to do that?
    In addition, I would like to know on which machine the password has changed.
    I will run the script via GPO in the startup script.

    Is it possible? if yes, how?

    Thank you for your time,

    Tom
     
    Tom, Mar 4, 2009
    #3
  4. First, I would change the local administrator password myself remotely,
    rather than in a startup script, so I know when the password is changed.
    That probably is part of your problem. In a way, who cares what the password
    is now, just set it to the correct value. In place of strComputer = ".", use
    the NetBIOS name of the computer and you can run the SetPassword method
    remotely if you are a member of the local Administrators group. By default,
    the group Domain Admins is added to the local Administrators group when the
    computer is joined to the domain.

    To answer your question, I think an example using the WinNT provider would
    be:
    ===========
    Const ADS_SECURE_AUTHENTICATION = &H1

    strAdsPath = "WinNT://MyComputer/Administrator,user"
    strUser = "MyDomain\MyUserName"
    strPassword = "xYz$312w"

    Set objNS = GetObject("WinNT:")
    Set objUser = objNS.OpenDSObject(strAdsPath, strUser, strPassword,
    ADS_SECURE_AUTHENTICATION)
    ===========
    Again, you would need to trap the error on the "Set objUser" statement to
    check if the password were wrong.

    You might want to use this example VBScript program to reset the
    Administrator password on all computers in bulk:

    http://www.rlmueller.net/Reset_Local_Admin_Passwords.htm

    The program logs which computers could not have the password reset, etc.

    --
    Richard Mueller
    MVP Directory Services
    Hilltop Lab - http://www.rlmueller.net
    --

     
    Richard Mueller [MVP], Mar 5, 2009
    #4
  5. Tom

    Tom Guest

    Richard,
    Thank you!

    Tom
     
    Tom, Mar 5, 2009
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.