Change LUser Administrator Password - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Advanced Scripting » Change LUser Administrator Password

Page 1 of 1

1

Topic Options

#76634 - 2003-09-12 01:58 AM Change LUser Administrator Password
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I put together an admin script that, run as a task scheduled script, will scan the network for machines advertised to be on and will reach out over the network and change the passwords. I use Howard's RenameAdmin.exe utility http://home.comcast.net/~habullock/Perlutilities.htm and store the results in an INI file. I also use a config.ini files to store the passwords and an exclude list. The script will change the passwords every month. I also "borrowed" Shawn's phone.kix http://www.kixforms.org/archive/scripts/phone.kix and after a few small mods, it will read in and display the results.ini output. ; Script to reset passwords on remote machines ; by Les Ligetfalvy ;@error + '[' + @SError + ']' ? break on dim $,$computer,$domain,$comp,$ConfigINI,$ResultsINI,$exclude,$Month,$last,$RenCmdPre,$RenCmdPost,$Pwd,$ShellCMD $ = setoption('explicit','on') $ = setoption('wrapateol','on') $ConfigINI = @ScriptDir + '\config.ini' $ResultsINI = @ScriptDir + '\results.ini' $Month = @Month $Pwd = ReadProfileString($ConfigINI,'Passwords',$Month) $domain = 'FF' $exclude = split(ReadProfileString($ConfigINI,'Exclude',''),chr(10)) $RenCmdPre = @ScriptDir + '\RenameAdmin.exe --computer ' $RenCmdPost = ' --pwd ' + $Pwd + ' --nolog --quiet' for each $computer in netview2($domain,1) $comp = split($computer,',')[0] if ascan($exclude,$comp) = -1 $last = ReadProfileString($ResultsINI,$comp,'LastPwdChanged') if @error = 0 and $last <> $Month $ShellCMD = $RenCmdPre + $comp + $RenCmdPost ;shell $ShellCMD if @error = 0 $ = WriteProfileString($ResultsINI,$comp,'LastPwdChanged',$Month) $ = WriteProfileString($ResultsINI,$comp,'LastSeen',@Date) else $ = WriteProfileString($ResultsINI,$comp,'LastError',@Date + ', ' + @Time + ' - ' + @SError) endif else $ = WriteProfileString($ResultsINI,$comp,'LastSeen',@Date) endif endif next ;============================== function NetView2(optional $domain, optional $commentflag) ;http://81.17.37.55/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=12;t=000202 dim $array[255] dim $redim, $i, $j, $tempfile dim $filehandle, $retcode dim $name, $comment, $line $redim = 255 $i = 0 $j = 0 $tempfile = '%temp%\netview.tmp' if $domain $domain = '/domain:'+trim($domain) endif if vartype($commentflag) $commentflag=val($commentflag) else $commentflag=0 endif if exist($tempfile) del $tempfile endif shell '%comspec% /c net view $domain >"'+$tempfile+'"' if @error = 0 $filehandle=1 do $retcode=open($filehandle,$tempfile) $filehandle=$filehandle+1 until $retcode=0 or $filehandle=11 select case $retcode=-3 exit 4 case $retcode=-2 exit 6 case $retcode=-1 exit 123 case $retcode=0 $filehandle=$filehandle-1 case $retcode>0 exit @ERROR case $filehandle=11 exit 4 endselect for $j = 1 to 5 $line = readline($filehandle) ; skip headings next while @error = 0 $name= trim(substr($line,3,instr($line,' ')-1)) $comment = trim(right($line,len($line)-instr($line,' '))) if $commentflag $array[$i]=$name+','+$comment else $array[$i]=$name endif $i=$i+1 if $i = $redim $redim=$redim2 redim preserve $array[$redim] endif $line = readline($filehandle) loop $retcode=close($filehandle) del $tempfile if $i redim preserve $array[$i-4] $netview2 = $array exit @error* endif endif $netview2 = 0 exit @error endfunction Then there is the config.ini file: code: [Exclude] FFMRTG=1 FFCDTOWER=1 FFPDC=1 FFBDC=1 [Passwords] January=12345678 February=23456789 March=34567890 April=45678901 May=56789012 June=67890123 July=78901234 August=89012345 September=90123456 October=01234567 November=87654321 December=98765432 [ 12. September 2003, 19:53: Message edited by: LLigetfa ] _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#76635 - 2003-09-12 09:01 AM Re: Change LUser Administrator Password
MightyR1 MightyR1 MM club member Registered: 1999-09-09 Posts: 1264 Loc: The Netherlands	Nice... where did you find info on the RenameAdmin switches? --computer --pwd --nolog --quiet _________________________ Greetz, Patrick Rutten - We'll either find a way or make one... - Knowledge is power; knowing how to find it is more powerful... - Problems don't exist; they are challenges...
Top

#76636 - 2003-09-12 10:19 AM Re: Change LUser Administrator Password
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Just run it without parms and it will dump the help text. BTW, Howard emailed me a special build. I haven't been able to download anything from his site for a while. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#76637 - 2003-09-12 11:29 AM Re: Change LUser Administrator Password
MightyR1 MightyR1 MM club member Registered: 1999-09-09 Posts: 1264 Loc: The Netherlands	It's another build then.. Howard, what's the diff in this build; will it be released??? _________________________ Greetz, Patrick Rutten - We'll either find a way or make one... - Knowledge is power; knowing how to find it is more powerful... - Problems don't exist; they are challenges...
Top

#76638 - 2003-09-12 05:34 PM Re: Change LUser Administrator Password
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	Les, what are your thoughts about having all the RenameAdmin.exe switches being displayed? Should the --Encrypt switch not be shown? I may publish the new code in a week. But I want to know if Doc has any issues since this build is very close to the custom I provide to him. the web site seems to be fixed now. [ 12. September 2003, 17:35: Message edited by: Howard Bullock ] _________________________ Home page: http://www.kixhelp.com/hb/
Top

#76639 - 2003-09-12 05:43 PM Re: Change LUser Administrator Password
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	hmm... wouldn't it be better to show the switches only via a switch. like --help _________________________ ! download KiXnet
Top

#76640 - 2003-09-12 07:04 PM Re: Change LUser Administrator Password
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	I generally throw up the usage if the the required parameters are not found on the command line. If you try GrpMaint.exe you will see this along with two levels of help via switches. The quick and dirty builds I throw up the banner and syntax. [ 12. September 2003, 19:04: Message edited by: Howard Bullock ] _________________________ Home page: http://www.kixhelp.com/hb/
Top

#76641 - 2003-09-12 07:58 PM Re: Change LUser Administrator Password
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Hmmm... Guessing you could have done it just as easily as I. quote: RenameAdmin.exe (1.2.4.3) - Optionally renames and/or sets the password of the local [Builtin] 'administrator' account on the specified computer without knowing the original account name. Requires administrator permissions on the target computer. The 'Encrypted' option tells the program that the password supplied with the '--Pwd' option is encrypted and must be decrypted. Written by: Howard A. Bullock (habullock@comcast.net) Copyright 2003 Syntax: RenameAdmin.exe --Computer name [--Name NewName] [--Pwd NewPwd] [--Encrypted] [--NoLog] [--Quiet] RenameAdmin.exe --EncryptPwd NewPassword _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#76642 - 2003-10-12 05:51 AM Re: Change LUser Administrator Password
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I knew when I wrote this that I would have to rewrite it once I migrated to AD but I had to fix all the lost passwords before the migration. Well, I am now migrated to AD, so here is my first draft of the rewrite. I will eventually change the methodology from using NetView2() to something like EnumOU() but for now there are not that many in the new domain. One thing I found is that the "Comment" that NetView2() returns is not displayed either in Hyena or in ADUC. What does show in its stead is the "Description" field which is blank. I now write the "Comment" both to the INI file and to AD. Also if the "Description" exists in AD and does not match the server "Comment", I write the "Comment" to the computer. ; Script to reset passwords on remote machines ; Version 2.0 ; Requires Kixtart 4.x ; by Les Ligetfalvy ;@error + '[' + @SError + ']' ? break on dim $,$computer,$domain,$comp,$ConfigINI,$ResultsINI,$exclude,$Month,$last,$RC[4] dim $RenCmdPre,$RenCmdPost,$Pwd,$ShellCMD,$Comment,$ADProp,$adsComputer,$Desc,$ADdesc $ = setoption('explicit','on') $ = setoption('wrapateol','on') $ConfigINI = @ScriptDir + '\config.ini' $ResultsINI = @ScriptDir + '\results.ini' $Month = @Month $Pwd = ReadProfileString($ConfigINI,'Passwords',$Month) $exclude = split(ReadProfileString($ConfigINI,'Exclude',''),chr(10)) $RenCmdPre = @ScriptDir + '\RenameAdmin.exe --computer ' $RenCmdPost = ' --pwd ' + $Pwd + ' --nolog --quiet' for each $computer in netview2(@domain,1) $comp = split($computer,',')[0] $comment = split($computer,',')[1] If ascan($exclude,$comp) = -1 and left($comp,2) = 'FF' $rc = InContainer('ou=ff,ou=cacc,dc=cacc,dc=local','computer',$comp) If $rc[0] > 0 $last = ReadProfileString($ResultsINI,$comp,'LastPwdChanged') If @error = 0 and $last <> $Month $ADProp = GetObject('LDAP://'+$RC[3]) $ADdesc = $ADProp.get('description') If $Comment <> '' and $ADdesc <> $Comment $ADProp.put('description',$comment) $ADProp.setinfo $ADProp = '' $ADdesc = $Comment endif If $ADdesc <> '' and $Comment <> $ADdesc $adsComputer = GetObject('WinNT://' + $Comp + '/LanmanServer') $adsComputer.Description = $ADdesc $adsComputer.SetInfo $adsComputer = '' endif $ShellCMD = $RenCmdPre + $comp + $RenCmdPost ;shell $ShellCMD If @error = 0 $ = WriteProfileString($ResultsINI,$comp,'LastPwdChanged',$Month) $ = WriteProfileString($ResultsINI,$comp,'LastSeen',@Date + ', ' + @Time) $ = WriteProfileString($ResultsINI,$comp,'Comment',$Comment) else $ = WriteProfileString($ResultsINI,$comp,'LastError',@Date + ', ' + @Time + ' - ' + @SError) endif else $ = WriteProfileString($ResultsINI,$comp,'LastSeen',@Date + ', ' + @Time) $ = WriteProfileString($ResultsINI,$comp,'Comment',$Comment) endif endif endif next ;============================== function NetView2(optional $domain, optional $commentflag) ;http://81.17.37.55/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=12;t=000202 dim $array[255] dim $redim, $i, $j, $tempfile dim $filehandle, $retcode dim $name, $comment, $line $redim = 255 $i = 0 $j = 0 $tempfile = '%temp%\netview.tmp' if $domain $domain = '/domain:'+trim($domain) endif if vartype($commentflag) $commentflag=val($commentflag) else $commentflag=0 endif if exist($tempfile) del $tempfile endif shell '%comspec% /c net view $domain >"'+$tempfile+'"' if @error = 0 $filehandle=1 do $retcode=open($filehandle,$tempfile) $filehandle=$filehandle+1 until $retcode=0 or $filehandle=11 select case $retcode=-3 exit 4 case $retcode=-2 exit 6 case $retcode=-1 exit 123 case $retcode=0 $filehandle=$filehandle-1 case $retcode>0 exit @ERROR case $filehandle=11 exit 4 endselect for $j = 1 to 5 $line = readline($filehandle) ; skip headings next while @error = 0 $name= trim(substr($line,3,instr($line,' ')-1)) $comment = trim(right($line,len($line)-instr($line,' '))) if $commentflag $array[$i]=$name+','+$comment else $array[$i]=$name endif $i=$i+1 if $i = $redim $redim=$redim2 redim preserve $array[$redim] endif $line = readline($filehandle) loop $retcode=close($filehandle) del $tempfile if $i redim preserve $array[$i-4] $netview2 = $array exit @error* endif endif $netview2 = 0 exit @error endfunction ;-------------------------------------------------------------------------------- ;FUNCTION InContainer() ;http://www.kixtart.org/board/ultimatebb.php?ubb=get_topic;f=12;t=000179 ;AUTHOR Howard A. Bullock (hbullock@tycoelectronics.com) ; ;VERSION 1.3 (modified by Les Ligetfalvy) ; Function InContainer ($Container, $NameType, $Name) Dim $CurrentContainer, $Name1, $Name2 select case $NameType = 'Computer' $Name1 = @Domain + '\' + $Name + '$' case $NameType = 'User' $Name1 = @LDomain + '\' + @UserID case 1 $Name1 = '' endselect if $Name1 <> '' $Name2 = TranslateName (3, '', 3, $Name1, 1) if $Name2[1] = 0 $CurrentContainer = substr($Name2[0], instr($Name2[0], ',')+1) select case $CurrentContainer=$Container $InContainer = 1, $Name2[1], $Name2[2], $Name2[0] case instr($Name2[0], $Container) $InContainer = 2, $Name2[1], $Name2[2], $Name2[0] case 1 $InContainer = 0, $Name2[1], $Name2[2] endselect else $InContainer = -2, $Name2[1], $Name2[2] endif else $InContainer = -1, 0, '','' endif EndFunction ;-------------------------------------------------------------------------------- ;FUNCTION TranslateName() ;http://www.kixtart.org/board/ultimatebb.php?ubb=get_topic;f=12;t=000178 ;AUTHOR Howard A. Bullock (hbullock@tycoelectronics.com) ; ;VERSION 2.0 ; Function TranslateName ($InitType, $BindName, $LookupNameType, $LookupName, $ReturnNameType) Dim $NameTranslate, $ReturnName, $Error, $ErrorText $Error = 0 $ErrorText = '' $ReturnName = '' $NameTranslate = CREATEOBJECT ('NameTranslate') $Error = @error $ErrorText = @serror if $Error = 0 $NameTranslate.Init ($InitType, $BindName) $Error = @error $ErrorText = @serror if $Error = 0 $NameTranslate.Set ($LookupNameType, $LookupName) $Error = @error $ErrorText = @serror if $Error = 0 $ReturnName = $NameTranslate.Get($ReturnNameType) $Error = @error $ErrorText = @serror endif endif endif $TranslateName = $ReturnName, $Error, $ErrorText Endfunction _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#76643 - 2003-10-12 06:35 AM Re: Change LUser Administrator Password
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11628 Loc: CA	Les, Does it check to verify that you do have Admin rights on the system to change the password in the first place? and / or log that you do/don't? I assume this is the field we were talking about earlier. $ADProp.put('description',$comment)
Top

#76644 - 2003-10-12 01:20 PM Re: Change LUser Administrator Password
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Duh! There is no need to check for admin rights cuz it's an admin script. HEHEE $ = WriteProfileString($ResultsINI,$comp,'LastError',@Date + ', ' + @Time + ' - ' + @SError) We talked about both the AD property and the local property. $adsComputer.Description = $ADdesc ;local server comment $ADProp.setinfo ;AD computer property I figured the ADSI provider would have been a good enough clue. If you plan to use Howard's InContainer() UDF, note that I modified it to also return the DN ($RC[[3]). I suspect though, that for your needs, you would not need that UDF. [ 12. October 2003, 13:22: Message edited by: LLigetfa ] _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#76645 - 2003-10-12 02:42 PM Re: Change LUser Administrator Password
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	Les: One thing you might have overlooked is that it is possible that there are services running under the local administrator's credentials. Thus, you might need to check for these services and then also change the approrpiate service's account information. _________________________ There are two types of vessels, submarines and targets.
Top

#76646 - 2003-10-12 02:49 PM Re: Change LUser Administrator Password
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Actually Jens, I had previously audited the services. That is why I have an exclude list in an INI file... just didn't allocate any verbage. Good point though for anyone else that may adopt this script or concept. A less optimistic approach might check this in-line and change the service account settings on the fly too. I have heard of some companies that change service account passwords on a regular schedule. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#76647 - 2003-11-22 02:43 AM Re: Change LUser Administrator Password
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	I have updated my web site with RenameAdmin.exe version 1.2.4.4 which has the switches mentioned in this thread. The the program returns 0 on success or an error number of the failure. So if you use Shell, you can check @error after the Shell statement. _________________________ Home page: http://www.kixhelp.com/hb/
Top

Page 1 of 1

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Who's Online

1 registered (Allen) and 1172 anonymous users online.

Newest Members

StuTheCoder, M_Moore, BeeEm, min_seow, Audio
17884 Registered Users

Generated in 0.077 seconds in which 0.037 seconds were spent on a total of 12 queries. Zlib compression enabled.

click tracking