4 Replies Latest reply on Sep 10, 2009 7:12 PM by zman

    User account password change script Help!!

    Rookie

      Can some please provide me with the LANDesk script that will enable me to change the password of a local account. I will be deploying the script to about 500 devices. The machines are not on an AD domain (all are local accounts). Thanks in advanced!

        • 1. Re: User account password change script Help!!
          MarXtar ITSMMVPGroup

          Try a script like this:

           

          NET USER ACCNAME PASSWORD

           

          Where ACCNAME is the name of the local account and PASSWORD is the new password you want to set.

           

          Use this in a manage scripts or batch file and it should do what you need.

           

          Mark Star - MarXtar LANDesk Enhancements

          Home of Power State Notifier & Wake-On-WAN for LANDesk

          New Updated Power State Notifier Pro!

          1 of 1 people found this helpful
          • 2. Re: User account password change script Help!!
            Apprentice

            We use an Autoit script compiled into an exe.  That might sound hard if you haven't used Autoit, but it is actually quite easy.  We wanted to keep the password a little more secure than using a batch file.  Someone can open the exe in a hex editor and still see the password, but at least it isn't passed over the network in clear text.  We also delete the exe on the local workstations after it runs with a batch file. The execution is competely silent, and we deploy it as a policy based batch software distribution package, and in the GuiRunOnce section of sysprep.  Here is the Autoit code:

             

            ;Date 06/09/09

            ;File: cp.au3
            ;Author:Dan Pixley
            ;Purpose:Change local administrator password on Machines
            ;Other notes:compile this into "cp.exe" using Autoit "Compile script to exe".

             

            TraySetState(2)  ;  Hide the AutoIt systrem tray icon
            RunWait ("net user Administrator some_password","", @SW_HIDE)  ;  use the "net user" DOS command to change the password and hide the window.

             

            Exit

             

            ----

            And here is the batch file that calls it:

             

            @echo on

            cp.exe
            del /F cp.exe

            • 3. Re: User account password change script Help!!
              mrspike SSMMVPGroup

              There is a built in feature (underdocumented) that will allow you to just this very easily!

               

              Right click on any one of the computers that is turned on

               

              Select "Manage Local Users And Group"

               

              Click on the "Clock" icon

               

              Find the local user account in the drop down

               

              Enter the new password

               

               

              Run the job

               

              Done!

              • 4. Re: User account password change script Help!!
                zman Master

                All good options. Some caveats to be aware of.

                 

                1. If you use a batch file, Autoitscript, any script do NOT embed the password in the script.  Passwords will accessible.
                2. If you use a script that accepts the password via command line option, don not put the password in plain text. LANDesk will store this in the sdclient log files.
                3. Change passwords via managed scripts is hard since it is not a policy - hit or miss one time.

                 

                This is what we do. We have created an autoit script that accepts encrypted command line options using this http://www.autoitscript.com/forum/index.php?showtopic=44581&hl=rijndaelau3&st=0 the script deletes the sdclient log files, and updates the password. We also use the description feature of the local account so we can report on whether the password change was succesfull - local administrator description field reads - Changed  06/26/2009. obfuscate the script.

                 

                So if someone gets a hold of the autoitscript and decompiles it - they basically have nothing.