Changing user settings in the registry for other than current user - windows

How would I go about changing the HKCU registry for a user other than the current user? I don't have any other information but the user name. I will be using AutoIT for the actual execution, but if it's AutoIT's RegWrite or if I have AutoIT run a command or execute a .reg file is not important. The core problem is accessing the HKCU registry for a different user based on the user name.

I found out how a while ago, I just forgot to update it here:
RunWait("REG" & " LOAD " & "HKU\Pos C:\Users\Pos\NTUSER.DAT", "", @SW_HIDE)
RegWrite("HKEY_USERS\Pos\somewhere", "1", "REG_SZ", $value)
RunWait("REG" & " UNLOAD " & "HKU\Pos", "", @SW_HIDE)
This is basically how it's done. Just load any user hive by using RunWait(). Then do anything to it like it's a normal registry. Then unload the hive.

Something like this should work
$fSIDList = @TEMPDIR & "\sidlist"
RunWait(@COMSPEC & ' /c WMIC useraccount get name,sid > ' & $fSIDList)
$aSIDList = FileReadToArray($fSIDList)
FileDelete($fSIDList)
; Search the array for the username you're interested in, or create a dropdown menu with it
You can use the values returned to access the appropriate subkey in HKEY_USERS
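Combining the two answers above, as an added PowerShell example that is not part of the original posts: it resolves the user name to a SID, writes under HKEY_USERS\<SID> if that user's hive is already loaded, and otherwise mounts NTUSER.DAT from the profile path recorded in ProfileList instead of assuming C:\Users\<name>. The function name Set-OtherUserValue and the TempHive_ mount name are hypothetical, and the function must run elevated.

```powershell
# Added example; Set-OtherUserValue and the TempHive_ prefix are hypothetical names.
function Set-OtherUserValue {
    param(
        [Parameter(Mandatory)][string]$UserName,  # e.g. 'Pos' or 'DOMAIN\Pos'
        [Parameter(Mandatory)][string]$SubKey,    # key path below the user's hive root
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Value
    )
    # Resolve the account name to its SID rather than guessing the profile folder.
    $sid = ([System.Security.Principal.NTAccount]$UserName).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    $mounted = $false
    $mount   = "TempHive_$sid"
    $root    = "Registry::HKEY_USERS\$sid"
    if (-not (Test-Path $root)) {
        # Hive is not loaded (user not logged on): look up the real profile path.
        $profileKey  = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
        $profilePath = (Get-ItemProperty -Path $profileKey -ErrorAction Stop).ProfileImagePath
        & reg.exe load "HKU\$mount" (Join-Path $profilePath 'NTUSER.DAT') | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "reg load failed for $UserName" }
        $mounted = $true
        $root    = "Registry::HKEY_USERS\$mount"
    }
    try {
        $key = "$root\$SubKey"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $Name -Value $Value -Type String
    }
    finally {
        if ($mounted) {
            # The registry provider keeps handles open until they are finalized;
            # release them first or the unload is refused.
            [gc]::Collect(); [gc]::WaitForPendingFinalizers()
            & reg.exe unload "HKU\$mount" | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "HKU\$mount is still loaded" }
        }
    }
}
```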

Related

Running "net user "user" /domain" command and read results in classic asp

First of all, sorry for my poor English.
I am using Classic ASP for simple things on my network. I want users to view their domain password expire date on our intranet page. The intranet page runs Classic ASP.
On CMD or PowerShell, the command
net user "username" /domain
gives the result. On the ASP page I need to run this command and read the password expire date from the result.
Can you please help me?
Thanks.
If you redirect output into a text file, you can read the file from asp:
Set w = Server.CreateObject("WScript.Shell")
w.Run "cmd /c net user > c:\temp\output.txt", 0, true ' send output into file
Set s = CreateObject("Scripting.FileSystemObject")
Set f = s.OpenTextFile("c:\temp\output.txt", 1) ' read file
o = f.ReadAll
f.Close
response.write o
Of course, this will require the ASP account to have permission to execute the given command and read/write access to the file.

How to run WMI commands on non-domain-joined server from script running using domain admin credentials

I have a windows script running from a scheduled task, set to run with domain credentials.
It checks the disk space on all of my domain joined servers using WMI.
Set wmi = GetObject("winmgmts:\\" & hostname & "\root\cimv2")
...
Set wmiresults = wmi.ExecQuery("SELECT * FROM Win32_LogicalDisk WHERE Name = '" & _
    UCase(diskletter) & ":'")
For Each wmiresult In wmiresults
    ptotalspace = Round(CDbl(wmiresult.Size) / 1073741824, 2)
    pfreespace = Round(CDbl(wmiresult.Freespace) / 1073741824, 2)
Next
This script works fine for all domain joined servers. But I need to include a non-domain-joined server into this checking, and it fails as the script lacks the necessary permissions on the target server.
I have tried the hacky method of creating a local user account with the same name and password as the domain admin acct, and adding it to local admins, but this didn't work.
Is there a way to allow the script permission to check the server's disks without joining it to the domain, and without having to create a duplicate or version of this script that runs using a local account with permission to perform this check?
The solution is here: Connecting to WMI Remotely with VBScript
Look at option 2 under the heading "To connect to a remote system using VBScript". You can use the SWbemLocator.ConnectServer method to pass different credentials to the connection. It looks like this:
strComputer = "Computer_B"
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, _
    "Root\CIMv2", _
    "fabrikam\administrator", _
    "password")
Just replace "fabrikam\administrator" and "password" with a username and password that has permission on that machine. Then you can use that objSWbemServices object the same way you were using your wmi object.
That should work if you run it from a machine inside the domain too... I think. Give it a try.

How to change my DC password

I'm logged in with my Windows 7 to the domain.
I want to programmatically change my user's password.
I tried to do "net user /domain" but I got an Access denied error.
I don't want to change it manually (CTRL+ALT+DELETE, change password ...).
I'll be happy to get an answer in command line, Python, C++ or C#.
Thanks,
Mattan
Not sure how to include it in C#, but there is Netapi32.dll library that incorporates the NetUserChangePassword function. http://msdn.microsoft.com/en-us/library/windows/desktop/aa370650%28v=vs.85%29.aspx
In python, there are two easy ways to do it. With ctypes you can include it by typing:
from ctypes import windll  # windll is provided by ctypes itself
ChangePassword = windll.Netapi32.NetUserChangePassword
Then change the password by typing:
ChangePassword(domainname, username, oldpass, newpass)
"domainname" could be zero if you want to assign the password on current logon domain.
However, if you already have the Windows tools for Python installed, then you could use win32net to change the password:
import win32net
win32net.NetUserChangePassword(domainname, username, oldpass, newpass)
Again, 0 can be used instead of domain name.
You can use the simple VB script (named changepass.vbs):
Dim UserDomain
Dim UserName
Dim NewPassword
UserDomain = WScript.Arguments.Item(0)
UserName = WScript.Arguments.Item(1)
NewPassword = WScript.Arguments.Item(2)
' Without this, a failure aborts the script before the Err check below runs
On Error Resume Next
Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & "")
Call User.SetPassword(NewPassword)
If Err.Number = 0 Then
    WScript.Echo "The password change was successful."
Else
    WScript.Echo "The password change failed!"
End If
It accepts 3 parameters: domain name, user name and a new password. The current user must have permissions to change the password. If you want to change password on the local computer provide "." as a domain name. Example:
cscript changepass.vbs "YOUR_DOMAIN" "user1" "qw23442q"
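The answers above either take the old and new password (NetUserChangePassword) or pass the new password as a script argument. An added PowerShell example, not part of the original answers, that prompts for both passwords instead of taking them on the command line and calls the ADSI WinNT provider's ChangePassword; the function name Invoke-OwnPasswordChange is hypothetical.

```powershell
# Added example; Invoke-OwnPasswordChange is a hypothetical helper name.
function Invoke-OwnPasswordChange {
    param(
        [string]$Domain   = $env:USERDOMAIN,  # use $env:COMPUTERNAME for a local account
        [string]$UserName = $env:USERNAME
    )
    # Prompt without echo; nothing secret is passed as a process argument.
    $old  = Read-Host -AsSecureString "Current password for $Domain\$UserName"
    $new  = Read-Host -AsSecureString 'New password'
    $new2 = Read-Host -AsSecureString 'Repeat new password'

    # SecureString -> plain text, needed only for the ADSI call itself.
    $plain = { param($s) (New-Object System.Net.NetworkCredential('', $s)).Password }
    if ((& $plain $new) -cne (& $plain $new2)) { throw 'New passwords do not match.' }

    $user = [ADSI]"WinNT://$Domain/$UserName,user"
    try {
        # ChangePassword(old, new) needs the current password rather than
        # reset rights on the account, unlike SetPassword(new).
        $user.psbase.Invoke('ChangePassword', (& $plain $old), (& $plain $new))
    }
    catch {
        # Policy failures (history, complexity, minimum age) surface here.
        throw "Password change failed: $($_.Exception.GetBaseException().Message)"
    }
}
```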

VBScript to have a local user change password at next logon?

I am trying to get a script to run for a local user while logged in to have their user account require them to change their password once they log off and then log back in. I have about 40 different users that all have their own local internet connection, so I don't have Active Directory for these computers where I can easily set this. I want to be able to push out a script through remote access that will perform this action (having to reset their password).
The user account name that I am trying to run the script for is called: Ual-Lab-Tech
The script I am running is:
' Bind to local user object.
Set objUser = GetObject("Ual-Lab-Tech")
' Require password change at next logon.
objUser.PasswordExpired = 1
objUser.SetInfo
However when I run the script I am getting an error:
Script: C:\\Users\UAL-Lab-Tech\Desktop\change password at logon.vbs
Line: 2
Char: 1
Error: Invalid syntax
Code: 800401E4
Source (null)
What am I doing wrong?
The sample above is for local accounts.
For an AD account you have to use ADSI like this:
Set objUser = GetObject ("LDAP://CN=username,CN=Users,DC=domain,DC=local")
' The LDAP provider has no PasswordExpired property; pwdLastSet = 0 forces a change at next logon
objUser.Put "pwdLastSet", 0
objUser.SetInfo
You will find a working sample here:
strComputer = "atl-win2k-01"
Set objUser = GetObject("WinNT://" & strComputer & "/kenmyer,user")
objUser.Put "PasswordExpired", 1
objUser.SetInfo

Reset password for renamed Administrator account

I need to create a .VBS script to reset the Windows local administrator password on a large group of computers. My problem is that some of our sites have renamed the administrator account for security reasons. Does anyone have a script which changes the password of the administrator account based on the SID of the original Administrator account?
Using the fact that local admin's SID always ends with -500:
strComputer = "." ' local computer by default
Set objUser = GetObject("WinNT://" & strComputer & "/" & GetAdminName & ",user")
objUser.SetPassword "New local admin password"
objUser.SetInfo

Function GetAdminName
    'This function was written using information from Table J.1 from the Windows XP resource Kit
    'http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prnc_sid_cids.asp
    Set objNetwork = CreateObject("Wscript.Network") 'get the current computer name
    objComputerName = objNetwork.ComputerName
    Set objwmi = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & objComputerName)
    'set query, making sure to only look at local computer
    qry = "SELECT * FROM Win32_Account where Domain = '" & CStr(objComputerName) & "'"
    For Each Admin In objwmi.ExecQuery(qry)
        If (Left(Admin.sid, 6) = "S-1-5-" And Right(Admin.sid, 4) = "-500") Then 'look for admin sid
            GetAdminName = Admin.name
        End If
    Next
End Function
There's a tool floating around somewhere called LookupAccountName (with source!) that given the SID of the builtin administrator will give you its name.
You're probably going to end up writing C++ code to pull this one off reasonably well.
Like Joshua says, I don't think you can do this with Windows Scripting Host only; you could use it to download something and execute it:
A custom app that calls LookupAccountSid(S-1-5-domain-500 SID or enum admin group)+NetUserSetInfo to reset the password (Needs to run this as admin)
http://home.eunet.no/pnordahl/ntpasswd/ (Reset at boot)
Dump the SAM hashes and crack the password (Cain,John the Ripper,L0phtCrack etc)
@DmitryK's answer is good, and I didn't know any of that stuff. But I do know that this sort of thing is usually cleaner in PowerShell, so I ported it.
For example, the whole GetAdminName function can be written:
$adminName = (gwmi win32_account | ? { $_.SID.StartsWith( 'S-1-5-' ) -and $_.SID.EndsWith( '-500' ) }).Name
(Add the -ComputerName option to the gwmi call to do this on a server.)
The rest becomes:
$user = ([ADSI]"WinNT://$($env:COMPUTERNAME)/$adminName,User")
$user.SetPassword( 'xxx' )
$user.SetInfo()
(applying the appropriate computer name as needed, of course.)
