Reset password for renamed Administrator account - windows

I need to create a .VBS script to reset the Windows local administrator password on a large group of computers. My problem is that some of our sites have renamed the administrator account for security reasons. Does anyone have a script which changes the password of the administrator account based on the SID of the original Administrator account?

Using the fact that local admin's SID always ends with -500:
strComputer="." ' local computer by default
Set objUser=GetObject("WinNT://" & strComputer & "/" & GetAdminName & ",user")
objUser.SetPassword "New local admin password"
objUser.SetInfo
Function GetAdminName
'This function was written using information from Table J.1 from the Windows XP resource Kit
'http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prnc_sid_cids.asp
Set objNetwork = CreateObject("Wscript.Network") 'get the current computer name
objComputerName = objNetwork.ComputerName
Set objwmi = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & objComputerName)
qry = "SELECT * FROM Win32_Account where Domain = '" & cstr(objComputerName) & "'"
'set query, making sure to only look at local computer
For Each Admin in objwmi.ExecQuery(qry)
if (left(admin.sid, 6) = "S-1-5-" and right(admin.sid,4) = "-500") then 'look for admin sid
GetAdminName = admin.name
end if
next
end Function

There's a tool floating around somewhere called LookupAccountName (with source!) that given the SID of the builtin adminitrator will give you its name.
You're probably going to end up writing C++ code to pull this one off reasonably well.

Like Joshua says, I don't think you can do this with windows scripting host only, you could use it download something and execute it:
A custom app that calls LookupAccountSid(S-1-5-domain-500 SID or enum admin group)+NetUserSetInfo to reset the password (Needs to run this as admin)
http://home.eunet.no/pnordahl/ntpasswd/ (Reset at boot)
Dump the SAM hashes and crack the password (Cain,John the Ripper,L0phtCrack etc)

#DmitryK's answer is good, and I didn't know any of that stuff. But I do know that this sort of thing is usually cleaner in PowerShell, so I ported it.
For example, the whole GetAdminName function can be written:
$adminName = (gwmi win32_account | ? { $.SID.StartsWith( 'S-1-5-' ) -and $.SID.EndsWith( '-500' ) }).Name
(Add the -ComputerName option to the gwmi call to do this on a server.)
The rest becomes:
$user = ([ADSI]"WinNT://$($env:COMPUTERNAME)/$adminName,User")
$user.SetPassword( 'xxx' )
$user.SetInfo()
(applying the appropriate computer name as needed, of course.)

Related

How to run WMI commands on non-domain-joined server from script running using domain admin credentials

I have a windows script running from a scheduled task, set to run with domain credentials.
It checks the disk space on all of my domain joined servers using WMI.
Set wmi = GetObject("winmgmts:\\" & hostname & "\root\cimv2")
...
Set wmiresults = wmi.ExecQuery("SELECT * FROM Win32_LogicalDisk WHERE Name = '" & _
UCase(diskletter) & ":'")
For Each wmiresult In wmiresults
ptotalspace = Round(CDbl(wmiresult.Size) / 1073741824, 2)
pfreespace = Round(CDbl(wmiresult.Freespace) / 1073741824, 2)
Next
This script works fine for all domain joined servers. But I need to include a non-domain-joined server into this checking, and it fails as the script lacks the necessary permissions on the target server.
I have tried the hacky method of creating a local user account with the same name and password as the domain admin acct, and adding it to local admins, but this didn't work.
Is there a way to allow the script permission to check the server's disks without joining it to the domain, and without having to create a duplicate or version of this script that runs using a local account with permission to perform this check?
The solution is here: Connecting to WMI Remotely with VBScript
Look at option 2 under the heading "To connect to a remote system using VBScript". You can use the SWbemLocator.ConnectServer method to pass different credentials to the connection. It looks like this:
strComputer = "Computer_B"
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, _
"Root\CIMv2", _
"fabrikam\administrator", _
"password")
Just replace "fabrikam\administrator" and "password" with a username and password that has permission on that machine. Then you can use that objSWbemServices object the same way you were using your wmi object.
That should work if you run it from a machine inside the domain too... I think. Give it a try.

Sharing INSTALLDIR windows folder in InstallShield

I want to share my setup directory in installshield. I did some search and found a VB Script and a CMD Command:
Option Explicit
Const FILE_SHARE = 0
Const MAXIMUM_CONNECTIONS = 25
Dim objShare
'Connect to WMI
Dim objWMIService: Set objWMIService = _
GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
'Query share names for existing share
Dim colShares: Set colShares = objWMIService.ExecQuery _
("Select * from Win32_Share Where Name = 'MyShare'")
'Delete share if one exists with the same name already
For Each objShare in colShares
objShare.Delete
Next
'Create new share
Dim objNewShare: Set objNewShare = objWMIService.Get("Win32_Share")
Dim strFilePath: strFilePath = Session.Property("CustomActionData")
strFilePath = Left(strFilePath, Len(strFilePath) - 1)
objNewShare.Create strFilePath, "MyShare", _
FILE_SHARE, MAXIMUM_CONNECTIONS, "MyShare"
cmd command:
net share sharename=[INSTALLDIR]
When i run VBScript i don't see any error but I can't share my folder.
When i run cmd command, command can't share because it requires admin privilege; but I am not sure, how i can provide admin privilege to it;
can i share folder? how?
Try. You need to have access rights on location that you are trying to share.
net share Share=E:\Shared /Grant:Everyone,full
Note: You can change the share rights based on your need. This is strictly an example.
i found a very simple solution. i went in file and folders tab and right clicked on installdir an then in sharing tab i checked Share Folder check box and Finish! Very Simple Without code and Command!

Changing user settings in the registry for other than current user

How would I go about changing the HKCU registry for a user other than the current user? I don't have any other information but the user name. I will be using AutoIT for the actual execution, but if it's AutoIT's RegWrite or if I have AutoIT run a command or execute a .reg file is not important. The core problem is accessing the HKCU registry for a different user based on the user name.
I found out how a while ago, I just forgot to update it here:
RunWait("REG" & " LOAD " & "HKU\Pos C:\Users\Pos\NTUSER.DAT", "", #SW_HIDE)
RegWrite("HKEY_USERS\Pos\somewhere", "1", "REG_SZ", $value)
RunWait("REG" & " UNLOAD " & "HKU\Pos", "", #SW_HIDE)
This is basically how it's done. Just load any user hive by using RunWait(). Then do anything to it like it's a normal registry. Then unload the hive.
Something like this should work
$fSIDList = #TEMPDIR & "\sidlist"
RunWait(#COMSPEC & ' /c WMIC useraccount get name,sid > ' & $fSIDList)
$aSIDList = FileReadToArray($fSIDList)
FileDelete($fSIDList)
; Search the array for the username you're interested in, or create a dropdown menu with it
You can use the values returned to access the appropriate subkey in HKEY_USERS

How to change my DC password

I'm logged in with my Windows 7 to the domain.
I want to programmaticaly change my user's password.
I tried to do "net user /domain" But i've got Access denied error.
I don't want to change it manually (CTRL+ALT+DELETE, change password ...).
I'll be happy to get an answer in command line, python, c++ or c#.
Thanks,
Mattan
Not sure how to include it in C#, but there is Netapi32.dll library that incorporates the NetUserChangePassword function. http://msdn.microsoft.com/en-us/library/windows/desktop/aa370650%28v=vs.85%29.aspx
In python, there are two easy ways to do it. With ctypes you can include it by typing:
from ctypes.wintypes import windll
ChangePassword = windll.Netapi32.NetUserChangePassword
Then change the password by typing:
ChangePassword(domainname, username, oldpass, newpass)
"domainname" could be zero if you want to assign the password on current logon domain.
However, if you already have windows tools for python istalled, then you could use win32net to change the password:
import win32net
win32net.NetUserChangePassword(domainname, username, oldpass, newpass)
Again, 0 can be used instead of domain name.
You can use the simple VB script (named changepass.vbs):
Dim UserDomain
Dim UserName
Dim NewPassword
UserDomain = WScript.Arguments.Item(0)
UserName = WScript.Arguments.Item(1)
NewPassword = WScript.Arguments.Item(2)
Set User = GetObject("WinNT://"& UserDomain &"/"& UserName & "")
Call User.SetPassword(NewPassword)
If err.number = 0 Then
Wscript.Echo "The password change was successful."
Else
Wscript.Echo "The password change failed!"
End if
It accepts 3 parameters: domain name, user name and a new password. The current user must have permissions to change the password. If you want to change password on the local computer provide "." as a domain name. Example:
cscript changepass.vbs "YOUR_DOMAIN" "user1" "qw23442q"

How to set Authentication Methods in IIS programmatically

We are working on automating the deployment of some IIS applications. I've used cscript.exe inside a windows batch file to create the web app and such. There are however a few settings currently done by hand that I need to automate. Namely, if you look at the properties of an app, under Directory Structure -> Authentication and access control -> Edit, I need to uncheck Enable anonymous access and check Integrated Windows authentication.
Is there an easy way to do this from a windows batch file?
EDIT: I should clarify this is IIS 6.0, so appcmd is not available.
hope this helpes:
http://forums.iis.net/t/1159665.aspx
I answered a very similar question a wee while back. The example uses the asdutil.vbs tool which you can call from your batch file:
Setting NTAuthenticationProviders at an Application level in IIS 6 (Stack Overflow)
Updated:
Because you've already got a CScript script to create the website, you can just set the AuthFlags in the script:
'' Some values just as an example
iisNumber = 668
ipAddress = "172.16.3.200"
hostName = "myserver.com"
wwwfolder = "c:\mysites\www"
Dim serverBindings(1)
serverBindings(0) = ipAddress & ":80:www." & hostName
serverBindings(1) = ipAddress & ":80:" & hostName
'' Create server
Set w3svc = GetObject("IIS://localhost/w3svc")
Set newWebServer = w3svc.Create("IIsWebServer", iisNumber)
newWebServer.ServerBindings = serverBindings
newWebServer.ServerComment = "Server is: " & hostName
newWebServer.SetInfo
'' Create /root app
Set rootApp = newWebServer.Create("IIsWebVirtualDir", "ROOT")
rootApp.Path = wwwFolder
rootApp.AccessRead = true
rootApp.AccessScript = true
rootApp.AppCreate(True)
rootApp.AuthFlags = 4 '' <== Set AuthFlags here
rootApp.SetInfo
See Configure Windows Authentication (IIS 7):
appcmd set config /section:windowsAuthentication /enabled:true | false
For IIS 6 probably WMI is the alternative:
Creating Sites and Virtual Directories, and Setting Properties Using WMI
IIsWebServiceSetting (WMI)
AuthFlags
Dim sSitePath = "1" 'Set the site ID here
Set oSite = GetObject("IIS://localhost/" & sSitePath & "/root")
Select Case oSite.AuthFlags
Case 1
Wscript.Echo "Anonymous"
Case 2
Wscript.Echo "Basic"
Case 4
Wscript.Echo "NTLM"
Case 6
Wscript.Echo "MD5"
Case 64
Wscript.Echo "Passport"
End Select

Resources