Greetings,
Could I ask for the community's help with designing a script to change the Local Administrator Password?
Every 30 days, I would like to change each workstation's local administrator password to a random password, which would be generated at runtime. The 30-day interval would be determined by the last time the script ran successfully on the workstation. The random password would be unique to each workstation. All of the passwords would be stored in a secure location. The current password would overwrite any previous record.
I can *probably* engineer the code myself, but I'm struggling with some of the functionality...
Could such a script run as a local workstation startup script? This would be nifty for seldom-connected notebooks. Would it have the appropriate permissions to change the administrator password?
I can record each system's unique password by simply (over)writing a local text file, named for the workstation, then copy it up to a secured network share. But how to secure the local copy of that file? I thought about just burying it under @LANROOT but it would be nicer if I could script a permissions change which would deny modify to all but local administrators. Is there some way to script a permissions change?
The 30-day interval is easy - COMPAREFILETIMES between the local and network versions of the text file.
What's the risk of having domain passwords in a compiled KiXScripts Editor executeable?
Your assistance is greatly appreciated. :>
Thanks very much,
Tim ==
|