Script - Reset Local Admin Password

Bert_D · ‎01-06-2015

Looks up the name of the Local Administrator and resets the password.

Rem: You need to add the password as a parameter.
Rem: If you do not add a password parameter, the password is default set to: !NewCompl3xP@ssword!

Rem: Copy the code below and save it as Reset_Local_Admin_Password.vbs at the {PackageShare}\Scripts folder


On Error Resume Next
strComputer = "."

Set oShell = CreateObject("WScript.Shell") 
sUser = "Administrator" 
sPwd = "!NewCompl3xP@ssword!" 

Set Arg = WScript.Arguments
If  Arg.Count > 0 Then
sPwd = Arg(0) 'Pass the password as parameter to the script
End if

'Get the administrator name
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_UserAccount Where LocalAccount = True")
For Each objItem in colItems
	sidAdmin = objItem.SID
	if trim(right(sidAdmin, 3)="500") and trim(left(sidAdmin,9)="S-1-5-21-") then
		
		'Echo = echo & "Name: " & objItem.Name & vbcrlf
		'Echo = echo & "SID: " & sidAdmin
		sUser =  objItem.Name
		Set oUser = GetObject("WinNT://" & strComputer & "/" & sUser) 
		 
		' Set the password 
		oUser.SetPassword sPwd 
		oUser.Setinfo 
		
		exit for
	end if
Next

pixa241 · ‎06-03-2015

We have thin clients not on the domain and locked down pretty tight as far as remote access, each thin client has a password specific to itself based on the Host Name, but all usernames are the same, could I possibly use this script to change the password for all those thin clients? Our password is my%hostname%password, could I just put that variable in the script?

Bert_D · ‎03-10-2015

No it is not.
To make it more secure, you could add an decryption method to the script and pass the password encrypted.

In the end, the script will still be readable by everyone who has access to the share where the file resides.

TaherMD · ‎07-24-2019

Bert.D wrote:
No it is not.
To make it more secure, you could add an decryption method to the script and pass the password encrypted.

In the end, the script will still be readable by everyone who has access to the share where the file resides.

Hi, Could you please share how we could achieve this. (Sending an encrypted password and then decrypting it at the workstation.

Thanks.

Ricky_Hignite · ‎07-26-2019

TaherMD wrote:
Bert.D wrote:
No it is not.
To make it more secure, you could add an decryption method to the script and pass the password encrypted.

In the end, the script will still be readable by everyone who has access to the share where the file resides.

Hi, Could you please share how we could achieve this. (Sending an encrypted password and then decrypting it at the workstation.

Thanks.

Microsoft has you covered with LAPS:
https://www.microsoft.com/en-us/download/details.aspx?id=46899

willpolley · ‎03-09-2015

If you send the password as an Arg, is it sent in a secure fashion?

Bert_D · ‎03-04-2015

This script is designed to change the password of the default LocalAccount.

If you want to change the password of a user, you could try something like this.
(FYI: I'm assuming you know the username)


strComputer = "."
sUser = "YourUser"
sPwd = "!NewCompl3xP@ssword!"
Set objUser = GetObject("WinNT://" & strComputer & "/" & sUser & ", user" )
objUser.SetPassword sPwd
objUser.SetInfo

FYI: This is semi-tested code

vgopalap · ‎02-20-2015

I tried this script deployment executes fine but the password is not changing if the built in admin account is disabled and new local admin account has been created. Please let us know how to proceed in this situation

steadhouse · ‎02-16-2015

Such a good solution - thank you!

Script - Reset Local Admin Password

New to Lansweeper?

Try Lansweeper For Free