1 of 1 people found this helpful
Try a script like this:
NET USER ACCNAME PASSWORD
Where ACCNAME is the name of the local account and PASSWORD is the new password you want to set.
Use this in a manage scripts or batch file and it should do what you need.
Mark Star - MarXtar LANDesk Enhancements
Home of Power State Notifier & Wake-On-WAN for LANDesk
New Updated Power State Notifier Pro!
We use an Autoit script compiled into an exe. That might sound hard if you haven't used Autoit, but it is actually quite easy. We wanted to keep the password a little more secure than using a batch file. Someone can open the exe in a hex editor and still see the password, but at least it isn't passed over the network in clear text. We also delete the exe on the local workstations after it runs with a batch file. The execution is competely silent, and we deploy it as a policy based batch software distribution package, and in the GuiRunOnce section of sysprep. Here is the Autoit code:
;Purpose:Change local administrator password on Machines
;Other notes:compile this into "cp.exe" using Autoit "Compile script to exe".
TraySetState(2) ; Hide the AutoIt systrem tray icon
RunWait ("net user Administrator some_password","", @SW_HIDE) ; use the "net user" DOS command to change the password and hide the window.
And here is the batch file that calls it:
del /F cp.exe
There is a built in feature (underdocumented) that will allow you to just this very easily!
Right click on any one of the computers that is turned on
Select "Manage Local Users And Group"
Click on the "Clock" icon
Find the local user account in the drop down
Enter the new password
Run the job
All good options. Some caveats to be aware of.
- If you use a batch file, Autoitscript, any script do NOT embed the password in the script. Passwords will accessible.
- If you use a script that accepts the password via command line option, don not put the password in plain text. LANDesk will store this in the sdclient log files.
- Change passwords via managed scripts is hard since it is not a policy - hit or miss one time.
This is what we do. We have created an autoit script that accepts encrypted command line options using this http://www.autoitscript.com/forum/index.php?showtopic=44581&hl=rijndaelau3&st=0 the script deletes the sdclient log files, and updates the password. We also use the description feature of the local account so we can report on whether the password change was succesfull - local administrator description field reads - Changed 06/26/2009. obfuscate the script.
So if someone gets a hold of the autoitscript and decompiles it - they basically have nothing.