#126655 - 2004-09-14 12:20 PM
Two Questions
|
howyadoing
Getting the hang of it
Registered: 2002-06-01
Posts: 86
Loc: Cincinnati
|
1. I have an admin script that does x. I want to do x to 90% of the machines in the domain but not all including the servers. There are 2000 machines and many pc techs so some of the computer names change weekly. I can export a new list of computers everytime I want to do x or is there a UDF that can work with the ldap path? All of these machines are in one area of AD.
2. I want to write and computer startup script to change the local administrator password on computers using renameadmin.exe. The following is what I am using from my admin computer. This works but it is a little complicated in the fact that I have to run it every day and check to see what machines it does not get until I get them all. I also have to update the computer list regurarly because of name changes. Ideally I would write a script with the passwords encrypted and based on @date the password would get reset. Is there a way to use @pwage to get the age of the password for that admin without being logged in as that local admin? If not can it be written so when the password is changed it writes the date to a line in a file then each time the script runs it would read the line to see when it ran last and run if needed. If there are multiple lines of dates that the admin password has been changed can you write the readline part to only look at the last line so you are looking at the last date changeg? When you write a line during a password change, the next time the password is changed will it write the next line below the first entry or next to the first?
Thanks in advance
Code:
Break ON ;Debug ON ;Password Note: This should be the local admin Password of the remote PC's. ;Special Note: @, %, $ are special characters. ;If your Password contains them please type them twice In a row. ;EX: "$Test@_$" = "$$Test@@_$$" Remember, they are inforcing a Password scheme now.
$PWD = "test" If Open (1,"PCLIST.TXT",0) = 0 $LINEINFO = ReadLine(1) While @ERROR = 0 ? "PCNAME: $LINEINFO" ? Shell '%COMSPEC% /C renameadmin --computer \\$LINEINFO --pwd $PWD' Select Case @ERROR = "0" ? "Successful" Shell "%COMSPEC% /C echo $LINEINFO,Success>> admin_log.csv" Case @ERROR = "53" ? "No PC Found" Shell "%COMSPEC% /C echo $LINEINFO,No PC Found>> admin_log.csv" Case @ERROR = "5" ? "Access Denied" Shell "%COMSPEC% /C echo $LINEINFO,Access Denied>> admin_log.csv" Case @ERROR = "2245" ? "Invalid Password" Shell "%COMSPEC% /C echo $LINEINFO,Invalid Password>> admin_log.csv" Case 1 ? "Weird Error" Shell "%COMSPEC% /C echo $LINEINFO,Weird Error>> admin_log.csv" EndSelect $LINEINFO = ReadLine(1) ? Loop $RC = Close (1) Else Exit 0 EndIf Exit 0
|
Top
|
|
|
|
#126661 - 2004-09-14 05:03 PM
Re: Two Questions
|
howyadoing
Getting the hang of it
Registered: 2002-06-01
Posts: 86
Loc: Cincinnati
|
Thanks for the help. Below is what I ended up with and it works. Ideally I would like to run a startup script to change the local admin password. I would like to do it on password age but I dont think I will be able to. I also dont think its a good idea to run the script everytime the computer starts on the network and reset the password every time. Any suggestions on how I can change the administrator password through a startup script. This way works fine but how do you handle the machines that were out of the office when you ran the script? Right now I am in a situtation that an employee left the company so I will use this today.
Code:
$objConnection = CreateObject("ADODB.Connection") $objCommand = CreateObject("ADODB.Command") $objConnection.Provider = "ADsDSOObject" $objConnection.Open("Active Directory Provider") $objCommand.ActiveConnection = $objConnection
$objCommand.CommandText = "SELECT Name FROM " + "'LDAP://ou=gp test,ou=cincinnati - 11499,ou=united states,ou=Offices,dc=na,dc=ipsos' WHERE objectCategory='computer'" $objCommand.Properties("Page Size").Value = 100 $objCommand.Properties("Search Scope").Value = 2 $objCommand.Properties("Cache Results").Value = Not 1
$objRecordSet = $objCommand.Execute() $objRecordSet.MoveFirst while not $objRecordSet.EOF $curComputer = $objRecordSet.Fields("Name").Value ? $curComputer
$PWD = "test" Shell '%COMSPEC% /C renameadmin --computer \\$CurComputer --pwd $PWD' Select Case @ERROR = "0" ? "Successful" Shell "%COMSPEC% /C echo $CurComputer,Success>> admin_log.csv" Case @ERROR = "53" ? "No PC Found" Shell "%COMSPEC% /C echo $CurComputer,No PC Found>> admin_log.csv" Case @ERROR = "5" ? "Access Denied" Shell "%COMSPEC% /C echo $CurComputer,Access Denied>> admin_log.csv" Case @ERROR = "2245" ? "Invalid Password" Shell "%COMSPEC% /C echo $CurComputer,Invalid Password>> admin_log.csv" Case 1 ? "Weird Error" Shell "%COMSPEC% /C echo $CurComputer,Weird Error>> admin_log.csv" EndSelect $objRecordSet.MoveNext Loop EXIT
|
Top
|
|
|
|
#126664 - 2004-09-14 06:08 PM
Re: Two Questions
|
howyadoing
Getting the hang of it
Registered: 2002-06-01
Posts: 86
Loc: Cincinnati
|
I was going to encrypt the password with renameadmin.exe first. The script posted is only for me to run on my admin computer.
|
Top
|
|
|
|
#126667 - 2004-09-14 07:18 PM
Re: Two Questions
|
howyadoing
Getting the hang of it
Registered: 2002-06-01
Posts: 86
Loc: Cincinnati
|
Computer scripts are nice because they run with the powers of local admin. But the encryption idea I might need to rethink.. This script works other than it seems to be in seconds? The value I got was 18828185
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
1 registered
(Allen)
and 466 anonymous users online.
|
|
|