Of course the big problem is the security. User must be a local admin (to successfully change the Administrator password) and how to encrypt the new password.
There are several options out there. I would suggest that doing it via a login script is probably NOT the best way. Scripting (I know you use the command line...) really is... by "remoting" the change, the concerns about exposing the pw diminish greatly. BUT if you gotta gui: Check out both Desktop Standard (www.desktopstandard.com) and FullArmour (www.fullarmor.com) both companies offer extensions to group policy that support changing the local admin password. You'll be paying for the privilege to use the GUI. Check out TQCRunAs (www.quimeras.com). This is a super cool tool, IMHO. It allows you to "wrap up" any command or script (OK, you'll actually use the NET USER command, but you get to wrap it up using a gui <grin>) within an encrypted package that executes a RunAs... solving many of the issues in your task. Just some thoughts... I'm sure you'll get many others. Actually, now that I think about your suggestion, I'd actually like to build a sample that allows you to do exactly what you suggest using the Active Directory Users & Computers snap-in. Email me directly late next week (dan dot holme at Intelliem dot com) and I'll hash out an example for you, and make it available to everyone else on the list. I'm just swamped now and I know I'll forget. Dan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris Sent: Monday, June 20, 2005 11:57 AM To: [email protected] Subject: RE: [ActiveDir] Scripts I guess I should have (*) that I always use the GUI. I know there are a lot of WMI hooks in the software though. I just open the computer container, select all, right-click and choose specify local account password. As long as the account you want to change the password for on the local machine are all the same name you can do it in one fell swoop. Chris Haaker ITS Infrastructure x7841 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, June 20, 2005 2:23 PM To: [email protected] Subject: RE: [ActiveDir] Scripts Could we get some more detail on that? I've used Hyena, but I'm not sure how to use that in a scripted fashion. Thanks! Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris Sent: Monday, June 20, 2005 11:57 AM To: [email protected] Subject: RE: [ActiveDir] Scripts I know of a piece of software that will; Hyena. Chris Haaker ITS Infrastructure x7841 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Sunday, June 19, 2005 5:22 PM To: [email protected] Subject: [ActiveDir] Scripts Does anyone know of a script I can include in the login scripts to change the local admin passwords on the computers in my environment? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
