Ok now that we figured out how to batch change the password. How could we change the name of the local admin act in a similar way
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 26, 2004 7:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Local admin acct You either didn't run the ADODB.Stream patch, or you didn't use the Eeye fixer. Or, you've found a really good fix for it. If the latter is the case, could you please email me privately with the fix. I've still got broken apps. Sincerely, D�j� Ak�m�l�f�, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Coleman, Hunter Sent: Thu 8/26/2004 1:29 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Local admin acct I haven't run into that problem on the Win 2000, XP, and 2003 boxes that I tested it on. All were fully patched (but no XP SP2 yet). Maybe I got lucky... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 11:46 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Local admin acct The problem with the .hta angle is that one of the recent windows patches broke applications. I don't quite remember exactly which MS04 patch it is, but it is fairly recent. I think it is the download.ject patch, but I could be wrong. In any case, IF you install the patch, your .hta apps are SOL. Now, the reason I proposed the GPO/cusrmgr option is that you will NEVER have to run it manually anymore. Just install a new computer, join it to the domain, reboot, and wham-o, the password is changed. Storing the password "somewhere" is the only draw-back to this. And, while you can use a randomly generated password, it is not elegant because then you will have to always look for means to reset the password to something known, in case of emergency. Sincerely, D�j� Ak�m�l�f�, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Coleman, Hunter Sent: Thu 8/26/2004 6:30 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Local admin acct I worked up a script to do this recently, and wrapped it as an .hta to help minimize the password exposure. It doesn't store the password, but at least it's obfuscated when you enter it. As far as turning it into a constant process, it doesn't seem like this should be the kind of thing that you'd be doing daily. Even if it was a weekly cycle, I'd rather fully automate it but not at the risk of storing the password in clear text where someone could stumble across it. I'll try to get the .hta and readme posted in a public area. Hunter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 5:39 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Local admin acct You got me :). Cusrmgr is still the way to go, though. You can do it in batch file as a one-off thing, looping through an input file containing your computernames. Or go the ADSI route, with something like: computername = "thatcomputer" Set chgPass = GetObject("WinNT://" & computername & "/Administrator, user") chgPass.SetPassword "thePassword" chgPass.SetInfo Either way, to make it a constant process, you will have to store the pass somewhere. I'll think of something more elegant. Sincerely, D�j� Ak�m�l�f�, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Sean Johnson Sent: Wed 8/25/2004 1:03 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Local admin acct Unless I'm mistaken everyone has read access to that share, so you're effectively exposing your local admin password to anyone who cares to take a look. On Wed, 25 Aug 2004 12:39:13 -0700, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Get cusrmgr from the Support Tools (or is it Reskit). Put that in the > netlogon share of one of your DCs. > > Then create a batch file with the following: > @Echo off > %logonserver\netlogon\cusrmgr -u administrator -P thepassword goto > :EOF > > Now create (or edit) a GPO that assigns a machine Startup Script and > tell it > to use this batch file. > > Sincerely, > > D�j� Ak�m�l�f�, MCSE MCSA MCP+I > Microsoft MVP - Directory Services > www.readymaids.com - we know IT > www.akomolafe.com > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > > ________________________________ > > From: [EMAIL PROTECTED] on behalf of Mike Hogenauer > Sent: Wed 8/25/2004 11:54 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Local admin acct > > Curious does anyone have a script that will change the local admin > password on all computers in the domain or point me to a good location? > > Thank You > > Mike > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
