Script - Reset Local Admin Password

Bert_D
Lansweeper Employee
Looks up the name of the Local Administrator and resets the password.

Rem: You need to add the password as a parameter.
Rem: If you do not add a password parameter, the password is set by default to: !NewCompl3xP@ssword!

Rem: Copy the code below and save it as Reset_Local_Admin_Password.vbs in the {PackageShare}\Scripts folder


On Error Resume Next
strComputer = "."

Set oShell = CreateObject("WScript.Shell")
sUser = "Administrator"
sPwd = "!NewCompl3xP@ssword!" 'Default, used only when no argument is given

Set Arg = WScript.Arguments
If Arg.Count > 0 Then
    sPwd = Arg(0) 'Pass the password as parameter to the script
End If

'Get the administrator name
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_UserAccount Where LocalAccount = True")
For Each objItem In colItems
    sidAdmin = objItem.SID
    'The built-in Administrator has a machine SID (S-1-5-21-...) that ends in RID 500
    If Left(sidAdmin, 9) = "S-1-5-21-" And Right(sidAdmin, 4) = "-500" Then

        'Echo = echo & "Name: " & objItem.Name & vbcrlf
        'Echo = echo & "SID: " & sidAdmin
        sUser = objItem.Name
        Set oUser = GetObject("WinNT://" & strComputer & "/" & sUser)

        ' Set the password
        oUser.SetPassword sPwd
        oUser.SetInfo

        Exit For
    End If
Next
If it ain't broke, don't fix it.
17 REPLIES

pixa241
Engaged Sweeper II
We have thin clients not on the domain and locked down pretty tight as far as remote access. Each thin client has a password specific to itself based on the host name, but all usernames are the same. Could I possibly use this script to change the password for all those thin clients? Our password is my%hostname%password; could I just put that variable in the script?

Bert_D
Lansweeper Employee
No it is not.
To make it more secure, you could add a decryption method to the script and pass the password encrypted.

In the end, the script will still be readable by everyone who has access to the share where the file resides.

TaherMD
Engaged Sweeper
Bert.D wrote:
No it is not.
To make it more secure, you could add a decryption method to the script and pass the password encrypted.

In the end, the script will still be readable by everyone who has access to the share where the file resides.


Hi, could you please share how we could achieve this? (Sending an encrypted password and then decrypting it at the workstation.)

Thanks.

TaherMD wrote:
Bert.D wrote:
No it is not.
To make it more secure, you could add a decryption method to the script and pass the password encrypted.

In the end, the script will still be readable by everyone who has access to the share where the file resides.


Hi, could you please share how we could achieve this? (Sending an encrypted password and then decrypting it at the workstation.)

Thanks.


Microsoft has you covered with LAPS:
https://www.microsoft.com/en-us/download/details.aspx?id=46899

willpolley
Engaged Sweeper
If you send the password as an Arg, is it sent in a secure fashion?
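
On the question above, an added example that is not part of the original thread: where process command-line auditing is enabled (Security event 4688 with command line, or Sysmon event 1), an argument passed to the script is recorded in clear text, and a run with no argument applies the default password published in the script. The sketch below classifies constructed process-creation records; the record shape, host names and share path are assumptions.

```python
import shlex

SCRIPT_NAME = "reset_local_admin_password.vbs"  # file name from the post, lower-cased

# Constructed records; the dict shape, hosts and share path are assumptions.
SAMPLE_EVENTS = [
    {"host": "TC-014", "cmdline": r'cscript.exe //nologo "\\fs01\pkg$\Scripts\Reset_Local_Admin_Password.vbs" "Example-Passw0rd-1"'},
    {"host": "WS-221", "cmdline": r'cscript.exe \\fs01\pkg$\Scripts\Reset_Local_Admin_Password.vbs'},
    {"host": "WS-305", "cmdline": r'wscript.exe "\\fs01\pkg$\Scripts\Reset_Local_Admin_Password.vbs" Example-Passw0rd-2'},
    {"host": "WS-400", "cmdline": r'cscript.exe C:\Tools\inventory.vbs /full'},
]


def classify(cmdline):
    """Return (finding, safe_cmdline), or None when the script is not invoked."""
    try:
        # posix=False keeps backslashes literal, as in Windows paths.
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote, e.g. inside the password itself
        tokens = cmdline.split()
    idx = next((i for i, t in enumerate(tokens)
                if t.strip('"').lower().endswith(SCRIPT_NAME)), None)
    if idx is None:
        return None
    # Tokens starting with // are script-host options, not script arguments.
    args = [t for t in tokens[idx + 1:] if not t.startswith("//")]
    if not args:
        # No argument: the script falls back to its hard-coded default password.
        return ("default-password-applied", cmdline)
    # Never copy the secret into the alert; keep only the invocation prefix.
    return ("password-on-command-line", " ".join(tokens[:idx + 1] + ["<redacted>"]))


def scan(events):
    """Classify every record and return the findings for matching ones."""
    findings = []
    for ev in events:
        result = classify(ev["cmdline"])
        if result:
            findings.append({"host": ev["host"], "finding": result[0], "cmdline": result[1]})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f'{f["host"]:8} {f["finding"]:26} {f["cmdline"]}')
```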

Bert_D
Lansweeper Employee
This script is designed to change the password of the default LocalAccount.

If you want to change the password of a user, you could try something like this.
(FYI: I'm assuming you know the username)


strComputer = "."
sUser = "YourUser"
sPwd = "!NewCompl3xP@ssword!"
Set objUser = GetObject("WinNT://" & strComputer & "/" & sUser & ", user" )
objUser.SetPassword sPwd
objUser.SetInfo



FYI: This is semi-tested code

vgopalap
Engaged Sweeper
I tried this script. The deployment executes fine, but the password is not changing if the built-in admin account is disabled and a new local admin account has been created. Please let us know how to proceed in this situation.

steadhouse
Engaged Sweeper
Such a good solution - thank you!