"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:OU5T%23uNnJHA.3504@TK2MSFTNGP06.phx.gbl...
> Tom wrote:
>
>> I am trying to write vb script to change the local admin password.
>> As of now I have this and it does the job.
>>
>> strComputer = "."
>>    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
>>    objUser.SetPassword "1234"
>>
>> I would like to add an If statement that if the password is already 1234
>> then it should exit.
>>
>
> You can not read the current password. The only way to tell the current
> value is to try to authenticate with an candidate value and trap the error
> if the candidate is wrong. If there is no error, you have the correct
> password. In VBScript you could attempt to bind to something with
> alternate credentials. Of course you up the bad password count so you
> could contribute to an account lockout.
>
> And, it seems like it shouldn't matter, except for when the password will
> next expire.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>

"Tom" <partner1***@yahoo.com> wrote in message
news:eQz7VtOnJHA.4904@TK2MSFTNGP02.phx.gbl...
> Richard,
> Thank you for your your response.
>
> Would you mind provide the syntax of how to do that?
> In addition, I would like to know on which machine the password has
> changed.
> I will run the script via GPO in the startup script.
>
> Is it possible? if yes, how?
>
> Thank you for your time,
>
> Tom
>
> "Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
> message news:OU5T%23uNnJHA.3504@TK2MSFTNGP06.phx.gbl...
>> Tom wrote:
>>
>>> I am trying to write vb script to change the local admin password.
>>> As of now I have this and it does the job.
>>>
>>> strComputer = "."
>>>    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
>>>    objUser.SetPassword "1234"
>>>
>>> I would like to add an If statement that if the password is already 1234
>>> then it should exit.
>>>
>>
>> You can not read the current password. The only way to tell the current
>> value is to try to authenticate with an candidate value and trap the
>> error if the candidate is wrong. If there is no error, you have the
>> correct password. In VBScript you could attempt to bind to something with
>> alternate credentials. Of course you up the bad password count so you
>> could contribute to an account lockout.
>>
>> And, it seems like it shouldn't matter, except for when the password will
>> next expire.
>>
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>>
>
>

"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:eDCvVkTnJHA.1168@TK2MSFTNGP05.phx.gbl...
> First, I would change the local administrator password myself remotely,
> rather than in a startup script, so I know when the password is changed.
> That probably is part of your problem. In a way, who cares what the
> password is now, just set it to the correct value. In place of strComputer
> = ".", use the NetBIOS name of the computer and you can run the
> SetPassword method remotely if you are a member of the local
> Administrators group. By default, the group Domain Admins is added to the
> local Administrators group when the computer is joined to the domain.
>
> To answer your question, I think an example using the WinNT provider would
> be:
> ===========
> Const ADS_SECURE_AUTHENTICATION = &H1
>
> strAdsPath = "WinNT://MyComputer/Administrator,user"
> strUser = "MyDomain\MyUserName"
> strPassword = "xYz$312w"
>
> Set objNS = GetObject("WinNT:")
> Set objUser = objNS.OpenDSObject(strAdsPath, strUser, strPassword,
> ADS_SECURE_AUTHENTICATION)
> ===========
> Again, you would need to trap the error on the "Set objUser" statement to
> check if the password were wrong.
>
> You might want to use this example VBScript program to reset the
> Administrator password on all computers in bulk:
>
> http://www.rlmueller.net/Reset_Local_Admin_Passwords.htm
>
> The program logs which computers could not have the password reset, etc.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "Tom" <partner1***@yahoo.com> wrote in message
> news:eQz7VtOnJHA.4904@TK2MSFTNGP02.phx.gbl...
>> Richard,
>> Thank you for your your response.
>>
>> Would you mind provide the syntax of how to do that?
>> In addition, I would like to know on which machine the password has
>> changed.
>> I will run the script via GPO in the startup script.
>>
>> Is it possible? if yes, how?
>>
>> Thank you for your time,
>>
>> Tom
>>
>> "Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
>> message news:OU5T%23uNnJHA.3504@TK2MSFTNGP06.phx.gbl...
>>> Tom wrote:
>>>
>>>> I am trying to write vb script to change the local admin password.
>>>> As of now I have this and it does the job.
>>>>
>>>> strComputer = "."
>>>>    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
>>>>    objUser.SetPassword "1234"
>>>>
>>>> I would like to add an If statement that if the password is already
>>>> 1234 then it should exit.
>>>>
>>>
>>> You can not read the current password. The only way to tell the current
>>> value is to try to authenticate with an candidate value and trap the
>>> error if the candidate is wrong. If there is no error, you have the
>>> correct password. In VBScript you could attempt to bind to something
>>> with alternate credentials. Of course you up the bad password count so
>>> you could contribute to an account lockout.
>>>
>>> And, it seems like it shouldn't matter, except for when the password
>>> will next expire.
>>>
>>> --
>>> Richard Mueller
>>> MVP Directory Services
>>> Hilltop Lab - http://www.rlmueller.net
>>> --
>>>
>>>
>>
>>
>
>