change local admin password and name

We has someone leaving our Tech group so i need to change the admin name and
pswd.

I need to change the local admin psw on all our machines in AD. I'm an admin
in our OU and have an admin account on all the machines. I also have all the
current computer names.

I need to be able to change the admin pswd and admin name, and be able to
log successes and failures.
I belive this will change the local admin pswd but how do i change the name
and log the results.

On Error Resume Next
Set DomObj = GetObject("WinNT://Domain/Computer/Administrator,User")
DomObj.SetPassword "pswd"


any help would be appreciated
thanks

Hi Stephen,

You can run the below "vbs" script on all the machines within this OU using
Group Policy Logon Scripts:

' Script Begin
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colAccounts = objWMIService.ExecQuery _
("Select * From Win32_UserAccount Where LocalAccount = True And Name =
'Administrator'")
For Each objAccount in colAccounts
objAccount.Rename "NewAdmin"
Next

Dim WshShell, oExec
Password ="P@ssw0rd"
strCommand = "net user NewAdmin " & Password
Set WshShell = CreateObject("WScript.Shell")
Set oExec = WshShell.Exec(strCommand)
Do While oExec.Status = 0
WScript.Sleep 100
Loop
' Script End

Where the new administrator name is "NewAdmin" and the new password is
"P@ssw0rd"

Regards,



"stephen Johnson" wrote:

> We has someone leaving our Tech group so i need to change the admin name and
> pswd.
>
> I need to change the local admin psw on all our machines in AD. I'm an admin
> in our OU and have an admin account on all the machines. I also have all the
> current computer names.
>
> I need to be able to change the admin pswd and admin name, and be able to
> log successes and failures.
> I belive this will change the local admin pswd but how do i change the name
> and log the results.
>
> On Error Resume Next
> Set DomObj = GetObject("WinNT://Domain/Computer/Administrator,User")
> DomObj.SetPassword "pswd"
>
>
> any help would be appreciated
> thanks
>

many thanks i will start testing.

a question tho, how can i verify that all have ran it, beyond taking a
sample of machines and try to log in with the new name and password?



"M. Helmy" wrote:

> Hi Stephen,
>
> You can run the below "vbs" script on all the machines within this OU using
> Group Policy Logon Scripts:
>
> ' Script Begin
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
> Set colAccounts = objWMIService.ExecQuery _
> ("Select * From Win32_UserAccount Where LocalAccount = True And Name =
> 'Administrator'")
> For Each objAccount in colAccounts
> objAccount.Rename "NewAdmin"
> Next
>
> Dim WshShell, oExec
> Password ="P@ssw0rd"
> strCommand = "net user NewAdmin " & Password
> Set WshShell = CreateObject("WScript.Shell")
> Set oExec = WshShell.Exec(strCommand)
> Do While oExec.Status = 0
> WScript.Sleep 100
> Loop
> ' Script End
>
> Where the new administrator name is "NewAdmin" and the new password is
> "P@ssw0rd"
>
> Regards,
>
>
>
> "stephen Johnson" wrote:
>
> > We has someone leaving our Tech group so i need to change the admin name and
> > pswd.
> >
> > I need to change the local admin psw on all our machines in AD. I'm an admin
> > in our OU and have an admin account on all the machines. I also have all the
> > current computer names.
> >
> > I need to be able to change the admin pswd and admin name, and be able to
> > log successes and failures.
> > I belive this will change the local admin pswd but how do i change the name
> > and log the results.
> >
> > On Error Resume Next
> > Set DomObj = GetObject("WinNT://Domain/Computer/Administrator,User")
> > DomObj.SetPassword "pswd"
> >
> >
> > any help would be appreciated
> > thanks
> >

What's the point of changing the name? That's overkill. I wouldn't bother.

Here's a script that will do it for you:

http://groups.google.com/group/micro...c6c80bece6291b


That changes the password on all servers in the domain that aren't DCs.
Change the filter from:

"(&(objectCategory=computer)(!operatingSystem=*server*)(!primaryGroupID=516*));"


To

"(&(objectCategory=computer)(!primaryGroupID=516*));"


You also need to change:

sPassword=aC0mpl3xP@55w0rd!


To whatever password you want to use.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

Thanks for the help.

1) this is one piece of the puzzle to be able to logon,
2) I will be using this on more than servers, but i will use this on the
servers.

thanks much.

"Paul Williams [MVP]" wrote:

> What's the point of changing the name? That's overkill. I wouldn't bother.
>
> Here's a script that will do it for you:
>
> http://groups.google.com/group/micro...c6c80bece6291b
>
>
> That changes the password on all servers in the domain that aren't DCs.
> Change the filter from:
>
> "(&(objectCategory=computer)(!operatingSystem=*server*)(!primaryGroupID=516Â*));"
>
>
> To
>
> "(&(objectCategory=computer)(!primaryGroupID=516Â*));"
>
>
> You also need to change:
>
> sPassword=aC0mpl3xP@55w0rd!
>
>
> To whatever password you want to use.
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>
>
>

You can use it on computers too, you just need to change the filter as I
originally wrote it for member servers only.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

thanks i will do that.

"Paul Williams [MVP]" wrote:

> You can use it on computers too, you just need to change the filter as I
> originally wrote it for member servers only.
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>
>

question--as you said that this will reset all the passwords in the default
domain.
can it be limited to just to a specific OU within Active Direcotry

"Paul Williams [MVP]" wrote:

> What's the point of changing the name? That's overkill. I wouldn't bother.
>
> Here's a script that will do it for you:
>
> http://groups.google.com/group/micro...c6c80bece6291b
>
>
> That changes the password on all servers in the domain that aren't DCs.
> Change the filter from:
>
> "(&(objectCategory=computer)(!operatingSystem=*server*)(!primaryGroupID=516Â*));"
>
>
> To
>
> "(&(objectCategory=computer)(!primaryGroupID=516Â*));"
>
>
> You also need to change:
>
> sPassword=aC0mpl3xP@55w0rd!
>
>
> To whatever password you want to use.
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>
>
>

question for you. while using the logon script how can i hide the name and
password from those who are nosey? there are other groups that have access to
the gpo files.

"M. Helmy" wrote:

> Hi Stephen,
>
> You can run the below "vbs" script on all the machines within this OU using
> Group Policy Logon Scripts:
>
> ' Script Begin
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
> Set colAccounts = objWMIService.ExecQuery _
> ("Select * From Win32_UserAccount Where LocalAccount = True And Name =
> 'Administrator'")
> For Each objAccount in colAccounts
> objAccount.Rename "NewAdmin"
> Next
>
> Dim WshShell, oExec
> Password ="P@ssw0rd"
> strCommand = "net user NewAdmin " & Password
> Set WshShell = CreateObject("WScript.Shell")
> Set oExec = WshShell.Exec(strCommand)
> Do While oExec.Status = 0
> WScript.Sleep 100
> Loop
> ' Script End
>
> Where the new administrator name is "NewAdmin" and the new password is
> "P@ssw0rd"
>
> Regards,
>
>
>
> "stephen Johnson" wrote:
>
> > We has someone leaving our Tech group so i need to change the admin name and
> > pswd.
> >
> > I need to change the local admin psw on all our machines in AD. I'm an admin
> > in our OU and have an admin account on all the machines. I also have all the
> > current computer names.
> >
> > I need to be able to change the admin pswd and admin name, and be able to
> > log successes and failures.
> > I belive this will change the local admin pswd but how do i change the name
> > and log the results.
> >
> > On Error Resume Next
> > Set DomObj = GetObject("WinNT://Domain/Computer/Administrator,User")
> > DomObj.SetPassword "pswd"
> >
> >
> > any help would be appreciated
> > thanks
> >

can you answer a different question?
when i ran your script, i got an error unterminated string constant
Line 5 charater 76 code:800a0409 source:microsoft VBscript compilation error
any ideas?

"M. Helmy" wrote:

> Hi Stephen,
>
> You can run the below "vbs" script on all the machines within this OU using
> Group Policy Logon Scripts:
>
> ' Script Begin
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
> Set colAccounts = objWMIService.ExecQuery _
> ("Select * From Win32_UserAccount Where LocalAccount = True And Name =
> 'Administrator'")
> For Each objAccount in colAccounts
> objAccount.Rename "NewAdmin"
> Next
>
> Dim WshShell, oExec
> Password ="P@ssw0rd"
> strCommand = "net user NewAdmin " & Password
> Set WshShell = CreateObject("WScript.Shell")
> Set oExec = WshShell.Exec(strCommand)
> Do While oExec.Status = 0
> WScript.Sleep 100
> Loop
> ' Script End
>
> Where the new administrator name is "NewAdmin" and the new password is
> "P@ssw0rd"
>
> Regards,
>
>
>
> "stephen Johnson" wrote:
>
> > We has someone leaving our Tech group so i need to change the admin name and
> > pswd.
> >
> > I need to change the local admin psw on all our machines in AD. I'm an admin
> > in our OU and have an admin account on all the machines. I also have all the
> > current computer names.
> >
> > I need to be able to change the admin pswd and admin name, and be able to
> > log successes and failures.
> > I belive this will change the local admin pswd but how do i change the name
> > and log the results.
> >
> > On Error Resume Next
> > Set DomObj = GetObject("WinNT://Domain/Computer/Administrator,User")
> > DomObj.SetPassword "pswd"
> >
> >
> > any help would be appreciated
> > thanks
> >

You can't do this effectively. You can encrypt the script but this is
easily broken. You shouldn't use credentials in the body of the script.
You should either use an appropriate context, or wrap the script in some
kind of secure method such as a systems management package using a tool such
as SMS, LANDesk, Radia, etc.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

Yeah, change:

> sBase = "<LDAP://"&oRootDse.get("defaultNamingContext")&">;"

to

> sBase = "<LDAP://OU=OUNAMEGIESHERE," &
> oRootDse.get("defaultNamingContext")&">;"


Note. The last character in the OU name must be a comma " , "

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net