
Rename Admin Account & Change Admin PW

  • Rename Admin Account & Change Admin PW

    Joel,

    Great script and very useful but was wondering if your script could be modified to have an option to only run on a particular OU. Our organization uses a different local admin account name and password on each OU. I know nothing about scripting other than the double click with a mouse. Any help in modifying your script for this requirement would be greatly appreciated.

    Thanks In Advance!

  • #2
    Re: Rename Admin Account & Change Admin PW

    Being that you're lucky enough to have an AD to run this on...

    I don't, so I wouldn't know where to edit the script to have it limit its functions to just one particular OU.

    I'm sorry.



    • #3
      Re: Rename Admin Account & Change Admin PW

      Can somebody please re-post this script?

      Quote: Originally posted by BKJ:

        Joel,

        Great script and very useful but was wondering if your script could be modified to have an option to only run on a particular OU. Our organization uses a different local admin account name and password on each OU. I know nothing about scripting other than the double click with a mouse. Any help in modifying your script for this requirement would be greatly appreciated.

        Thanks In Advance!



      • #4
        Re: Rename Admin Account & Change Admin PW

        Sorry I haven't been around the board lately...

        New Job!

        But here's the script:
        ----------------------------------

        Option Explicit
        'On Error Resume Next

        '************************************************* ************************************************** *****
        '*** SID for the Administrator's account is equal to S-1-5-<domain>-500
        '*** 500(decimal) translates into 000001F4(hex), which in the little endian notation becomes F4010000
        '*** This value is stored in the HEX_500_LE constant

        Const HEX_500_LE = "F4010000"
        Const ADS_SID_WINNT_PATH = 5
        Const ADS_SID_HEXSTRING = 1
        Const NO_OVERWRITE = TRUE 'used by CreateTextFile of the FileSystemObject
        Const FOR_READING = 1 'used by Scripting.FileSystemObject methods
        Const SEP = 20 'used as separator in output listing

        Dim strLocalGroup 'name of local group whose membership is to be modified
        ' (e.g. "Administrators")
        Dim objLocalGroup 'object representing local group whose membership is to be modified
        Dim strNewAdminName 'new name to be assigned to local Administrator account
        ' (e.g. "SomeoneElse" in our example)
        Dim strPassword 'new password to be set for local Administrator account
        ' (e.g. "Pa$$w0rd" in our example)
        Dim strLogFile 'name of the file containing script logging information
        Dim strPCFile 'name of the file containing list of target computers
        Dim objLogFile 'object representing log file
        Dim objPCFile 'object representing file containing list of target computers
        Dim strGlobalAdminGroups 'semicolon-separated list of global groups to be added to the local group
        'each group is in form DOMAIN_NAME\GLOBAL_GROUP_NAME
        Dim arrGlobalAdminGroups 'array of global groups to be added to the local group
        'each group is in form DOMAIN_NAME\GLOBAL_GROUP_NAME
        Dim arrGlobalAdminGroup 'helper array containing two elements: domain name and global group name
        Dim strTempLine, strDomain, WshNetwork, WshShell, strResponse
        Dim strComputer 'name of a target computer
        Dim strCompDomTemp 'temp variable used until it's decided whether the passed variable is a domain or a computer
        Dim objComputer 'object representing the target computer
        Dim blnAdminFound 'used to determine if the administrator's account has been found
        Dim objLocalAdmin 'object representing member of the target local group
        Dim objSID 'object referencing SID of the local Administrator account
        Dim strSIDHex 'hexadecimal representation of the SID of the local Administrator account
        Dim intCount 'loop counter
        Dim objFSO, objShell 'Scripting.FileSystemObject and Wscript.Shell objects
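        Dim strRunPath 'command line used to list the computers in the domain
        Dim objGroup 'object representing a global group (used in ExecuteIt; required by Option Explicit)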


        strLocalGroup = "Administrators"
        strNewAdminName = "Administrator"
        strPassword = "<new-password>" 'placeholder: set the real value before running
        strPCFile = "C:\PCList.txt"
        strLogFile = "SetLocalAdmins.LOG"
        strGlobalAdminGroups = "DomainName\Domain Admins"
        arrGlobalAdminGroups = Split(strGlobalAdminGroups,";")

        '************************************************* ************************************************** *****

        Set WshNetwork = CreateObject("WScript.Network")
        Set WshShell = CreateObject("WScript.Shell")
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objShell = CreateObject("WScript.Shell")
        ' Create the log file
        Set objLogFile = objFSO.CreateTextFile("c:\" & strLogFile, NO_OVERWRITE)

        ' If the creation of the log file errors, quit
        If Err.Number <> 0 Then
        WScript.Echo "Failed to create the log file. Terminating ..."
        WScript.Quit
        End If

        ' set the domain
        strDomain = WshNetwork.UserDomain

        ' start logging
        objLogFile.WriteLine("Started logging at " & Now())
        objLogFile.WriteLine()

        ' get the arguments
        Dim objArgs : Set objArgs = WScript.Arguments ' create object with collection

        ' determine if an argument was passed
        If objArgs.Count >= 1 Then
        strComputer = objArgs(0) 'assign the passed computer name to a variable
        strResponse = MsgBox ("I'm sorry, but I need clarification." & vbCrLf & vbCrLf & _
        "If you wish to scan the computer: <" & strComputer & ">, click 'Yes'" & vbCrLf & vbCrLf & _
        "If you wish to scan the entire <" & strDomain & "> domain, click 'No'" & vbCrLf & vbCrLf & _
        "To quit this scan/script, click 'Cancel'", vbYesNoCancel + vbExclamation + vbDefaultButton2, _
        "Please confirm: Computer or Domain Name")
        Select Case strResponse
        Case vbCancel 'outta here!!
        WScript.Quit
        Case vbYes ' scan the computer
        'WshShell.Popup String(SEP,"*") & " Started processing " & strComputer & " " & String(SEP,"*"),2,"Process starting"
        Call ExecuteIt
        WshShell.Popup String(SEP,"*") & " Finished processing " & strComputer & " " & String(SEP,"*"),2,"Process Complete"
        Case vbNo 'scan the domain
        ' Check whether the file exists.
        If (objFSO.FileExists(strPCFile)) Then ' File exist; delete it (it will be created by the command itself)
        objFSO.DeleteFile(strPCFile)
        End If

        ' Create the file with the list of the online PCs
        strRunPath = "cmd /c net view /domain:" & strDomain & " > " & strPCFile
        WshShell.Run strRunPath, 0, True 'third argument True: wait until net view has finished writing the file

        WScript.Sleep(1000) ' pause to allow the Run command to complete

        ' open the file for reading
        Set objPCFile = objFSO.OpenTextFile(strPCFile, FOR_READING)

        If Err.Number <> 0 Then ' opening the file errored out...so quit
        WScript.Echo "Failed to access the PC listing file. Terminating ..."
        WScript.Quit
        End If

        '************************************************* ************************************************** *****
        '*** for each PC listed in the file :
        '*** rename local admin account,
        '*** change password,
        '*** add global groups to the local group

        Do While NOT objPCFile.AtEndOfStream
        strTempLine = objPCFile.ReadLine
        If Left(strTempLine,2) = "\\" Then 'net view lists computers as \\NAME
        strComputer = Mid(Trim(Left(strTempLine,23)),3)
        Call ExecuteIt
        End If
        Loop
        objPCFile.Close
        objFSO.DeleteFile(strPCFile) 'DeleteFile takes the file path, not the TextStream object
        End Select
        Else
        strResponse = MsgBox ("I'm sorry, but I need clarification." & vbCrLf & vbCrLf & _
        "If you wish to scan the computer: <" & WshNetwork.ComputerName & ">, click 'Yes'" & vbCrLf & vbCrLf & _
        "If you wish to scan the entire <" & strDomain & "> domain, click 'No'" & vbCrLf & vbCrLf & _
        "To quit this scan/script, click 'Cancel'", vbYesNoCancel + vbExclamation + vbDefaultButton2, _
        "Please confirm: Computer or Domain Name")
        Select Case strResponse
        Case vbCancel 'outta here!!
        WScript.Quit
        Case vbYes ' scan the computer
        'WshShell.Popup String(SEP,"*") & " Started processing " & strComputer & " " & String(SEP,"*"),2,"Process starting"
        strComputer = WshNetwork.ComputerName
        Call ExecuteIt
        WshShell.Popup String(SEP,"*") & " Finished processing " & strComputer & " " & String(SEP,"*"),2,"Process Complete"
        Case vbNo 'scan the domain
        ' Check whether the file exists.
        If (objFSO.FileExists(strPCFile)) Then ' File exist; delete it (it will be created by the command itself)
        objFSO.DeleteFile(strPCFile)
        End If

        ' Create the file with the list of the online PCs
        strRunPath = "cmd /c net view /domain:" & strDomain & " > " & strPCFile
        WshShell.Run strRunPath, 0, True 'third argument True: wait until net view has finished writing the file

        WScript.Sleep(1000) ' pause to allow the Run command to complete

        ' open the file for reading
        Set objPCFile = objFSO.OpenTextFile(strPCFile, FOR_READING)

        If Err.Number <> 0 Then ' opening the file errored out...so quit
        WScript.Echo "Failed to access the PC listing file. Terminating ..."
        WScript.Quit
        End If

        '************************************************* ************************************************** *****
        '*** for each PC listed in the file :
        '*** rename local admin account,
        '*** change password,
        '*** add global groups to the local group

        Do While NOT objPCFile.AtEndOfStream
        strTempLine = objPCFile.ReadLine
        If Left(strTempLine,2) = "\\" Then 'net view lists computers as \\NAME
        strComputer = Mid(Trim(Left(strTempLine,23)),3)
        Call ExecuteIt
        End If
        Loop
        objPCFile.Close
        End Select
        End If

        objLogFile.WriteLine(String(SEP,"*") & " Finished processing " & String(SEP,"*"))

        objLogFile.Close

        ' put here in case you want to open the log file when done
        'WshShell.Run "%SystemRoot%\notepad.exe c:\" & strLogFile

        WScript.Quit

        '************************************************* ************************************************** *****
        ' Subroutine to do the actual work
        '************************************************* ************************************************** *****
        Sub ExecuteIt
        On Error Resume Next
        blnAdminFound = FALSE 'indicates whether local Administrator account has been found

        objLogFile.WriteLine String(SEP,"*") & " Started processing " & strComputer & " " & String(SEP,"*")
        objLogFile.WriteLine()

        '************************************************* ************************************************** *****
        '*** Enumerate local admin accounts

        Set objLocalGroup = GetObject("WinNT://" & strComputer & "/" & strLocalGroup)
        objLogFile.WriteLine("*** Enumerating accounts in " & strLocalGroup & " group ***")
        objLogFile.WriteLine()

        For Each objLocalAdmin In objLocalGroup.Members
        objLogFile.WriteLine("Member of " & strLocalGroup & " group: " & objLocalAdmin.Name)

        '************************************************* ************************************************** *
        '*** Get SID Information, based on it find local Administrator account
        '*** SID for the Administrator's account is equal to S-1-5-<domain>-500

        If (NOT blnAdminFound) Then
        Set objSID = CreateObject("ADsSID")
        objSID.SetAs ADS_SID_WINNT_PATH, "WinNT://" & strComputer & "/" & objLocalAdmin.Name & ",user"
        strSIDHex = objSID.GetAs(ADS_SID_HEXSTRING)

        objLogFile.WriteLine("SID of the account (if ending with F4010000 then it's local Administrator): " & vbCrLF & strSIDHex)

        If (strComp(Right(strSIDHex, 8), HEX_500_LE, vbTextCompare) = 0) Then
        objLogFile.WriteLine("*** Administrator Account Found ***")

        '************************************************* ***********************************************
        '*** Reset the password for the local Administrator account
        Err.Clear 'discard earlier errors so the check below reflects SetPassword only
        objLocalAdmin.SetPassword(strPassword)
        If Err.Number = 0 Then
        objLogFile.WriteLine("*** Administrator password reset ***")
        Else
        objLogFile.WriteLine("*** Problems resetting Administrator password ***")
        objLogFile.WriteLine("*** Error :" & Err.Number & " " & Err.Description & " ***")
        End If

        '************************************************* ***********************************************
        '*** Rename the username to Administrator
        Err.Clear 'discard earlier errors so the check below reflects the rename only
        Set objComputer = GetObject("WinNT://" & strComputer)
        objComputer.MoveHere objLocalAdmin.AdsPath, strNewAdminName

        If Err.Number = 0 Then
        objLogFile.WriteLine("*** Administrator account renamed ***")
        Else
        objLogFile.WriteLine("*** Problems renaming Administrator account ***")
        objLogFile.WriteLine("*** Error :" & Err.Number & " " & Err.Description & " ***")
        End If

        blnAdminFound = True
        End If
        End If
        Next

        '************************************************* ************************************************** *
        '*** Add global groups to local Administrators

        objLogFile.WriteLine()
        objLogFile.WriteLine("*** Adding global groups to " & strLocalGroup & " group ***")
        objLogFile.WriteLine()

        'On Error Resume Next
        For intCount = 0 To UBound(arrGlobalAdminGroups)
        objLogFile.WriteLine("*** Adding " & arrGlobalAdminGroups(intCount) & " to " & strLocalGroup & " group ***")
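        arrGlobalAdminGroup = Split(arrGlobalAdminGroups(intCount), "\") 'split DOMAIN\GROUP at the backslash
        Err.Clear 'discard earlier errors so the check below reflects this Add only
        objLocalGroup.Add("WinNT://" & arrGlobalAdminGroup(0) & "/" & arrGlobalAdminGroup(1))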
        If Err.Number = 0 Then
        objLogFile.WriteLine("*** " & arrGlobalAdminGroups(intCount) & " added successfully to " & strLocalGroup & " group ***")
        Else
        Set objGroup = GetObject("WinNT://" & arrGlobalAdminGroup(0) & "/" & arrGlobalAdminGroup(1))
        If objLocalGroup.IsMember(objGroup.ADsPath) Then 'is the global group already in the local group?
        objLogFile.WriteLine("*** The group " & arrGlobalAdminGroups(intCount) & " is already a member of " & strLocalGroup & " group ***")
        Else
        objLogFile.WriteLine("*** Problems adding " & arrGlobalAdminGroups(intCount) & " to " & strLocalGroup & " group ***")
        objLogFile.WriteLine("*** Error :" & Err.Number & " " & Err.Description & " ***")
        End If
        End If
        Next
        On Error Goto 0

        objLogFile.WriteLine()
        objLogFile.WriteLine(String(SEP,"*") & " Finished processing " & strComputer & " " & String(SEP,"*"))
        objLogFile.WriteLine()

        End Sub

        --------------------------------------------

        As for you, BKJ, I hope to start posting some AD / OU scripts/tools here, since we're FINALLY going AD.

        Enjoy!

        Joel
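
The script above recognises the built-in Administrator by the last eight hex digits of its SID rather than by name, which is why it still finds the account after a rename. The following is an added example, not part of Joel's script: it decodes the hex-string form of a SID and applies a stricter check. The function names and sample SIDs are constructed for illustration.

```python
import struct

BUILTIN_ADMIN_RID = 500  # 0x000001F4, stored little-endian as F4 01 00 00

# Constructed sample SIDs in hex-string form (not taken from any real machine).
SAMPLE_ADMIN = "0105000000000005" "15000000" "01000000" "02000000" "03000000" "F4010000"
SAMPLE_USER = "0105000000000005" "15000000" "01000000" "02000000" "03000000" "E8030000"
SAMPLE_SUFFIX_ONLY = "0102000000000005" "20000000" "F4010000"  # S-1-5-32-500


def parse_sid_hex(sid_hex):
    """Decode a binary SID given as a hex string into (string_sid, rid)."""
    raw = bytes.fromhex(sid_hex)  # raises ValueError on malformed hex
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")     # 6 bytes, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])   # 32-bit values, little-endian
    sid = "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)
    return sid, (subs[-1] if subs else None)


def suffix_check(sid_hex):
    """The comparison the script performs: last 8 hex digits equal F4010000."""
    return sid_hex[-8:].upper() == "F4010000"


def is_builtin_admin(sid_hex):
    """Stricter check: an account SID (S-1-5-21-...) whose RID is 500."""
    try:
        sid, rid = parse_sid_hex(sid_hex)
    except ValueError:
        return False
    return sid.startswith("S-1-5-21-") and rid == BUILTIN_ADMIN_RID


if __name__ == "__main__":
    for sample in (SAMPLE_ADMIN, SAMPLE_USER, SAMPLE_SUFFIX_ONLY):
        print(parse_sid_hex(sample)[0], suffix_check(sample), is_builtin_admin(sample))
```

The third sample shows the difference between the two checks: the suffix comparison accepts any SID whose final sub-authority is 500, while the decoded check also requires the S-1-5-21 account prefix.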



        • #5
          Re: Rename Admin Account & Change Admin PW

          Is this script in VB? If so what version?
          Thanks,



          • #6
            Re: Rename Admin Account & Change Admin PW

            Yep, save it as a vbs file, call it from a tool in Hyena.

            Don't understand what you mean by "version". If you're not up to 5.6 installed...your system is lacking. And if you've installed any kind of Service Pack lately, you're most likely updated.
