Ok...as my education continues into the world of scripting (still an infant here), I have some questions. I need to reset the password of all the local domain accounts on our servers. I thought a script + GPO would be a handy method.
Since I am pretty new at scripting, I decided to google for some suggestions and came up with a few interesting things and wanted to ask some questions here.
First, I found this one from 'The Scripting guy':
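' Bind to the OU and enumerate only its computer objects
Set objOU = GetObject("LDAP://OU=Finance, DC=fabrikam, DC=com")
objOU.Filter = Array("Computer")

For Each objItem in objOU
    strComputer = objItem.CN
    ' Bind to the local Administrator account on that computer and set its password
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    objUser.SetPassword("i5A2sj*!")
Next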
You change the OU and Domain as you suggested. Which brings a quick question. Suppose your OU has spaces. Something like: Server bin. Does that change how you set it up in the script? Do you need to quote it within the quotes?
That script seems fairly straightforward.
Then I found this one:
'-------------------------------------------------------------------------------
' Initialization - Declare variables
'-------------------------------------------------------------------------------
Dim fsoIn, fsoOut
Dim inFile, outFile
Dim arrComputerNames
Dim objUser
Dim strComputer
Dim newPassword
Dim ErrorOccurred
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Const inFilename = "servers.txt"
Const outFilename = "ChangePwdServers.log"

'-------------------------------------------------------------------------------
' Main script
'-------------------------------------------------------------------------------
On Error Resume Next
ErrorOccurred = False

' Insert WARNING here...
Msgbox ("WARNING: This script will change the local administrator password for every " & _
    "computer listed in SERVERS.TXT. If any services are running with the local " & _
    "administrator credentials, those services must be updated, or they won't " & _
    "start on the next boot. For this script to work, you must have administrative " & _
    "privileges on all of the remote computers you are changing the password for.")

' Get new password
newPassword = Inputbox ("Please enter the new password.")

' Open the input file and skip the header line
Set fsoIn = CreateObject("scripting.filesystemobject")
Set inFile = fsoIn.OpenTextFile(inFilename, ForReading, True)
inFile.Skipline

' Open the log file (append mode) and timestamp the entry
Set fsoOut = CreateObject("scripting.filesystemobject")
Set outFile = fsoOut.OpenTextFile(outFilename, ForAppending, True)
outFile.writeline (Now & vbTab & "Starting script...")

While Not inFile.AtEndOfStream
    arrComputerNames = Split(inFile.Readline, vbTab, -1, 1)
    ' arrComputerNames(0) contains the computer name
    strComputer = arrComputerNames(0)

    ' Connect to the computer\administrator account
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
    If Err.Number <> 0 Then
        outFile.writeline Now & vbTab & "Error connecting to " & strComputer & " --- " & Err.Description
        Err.Clear
        ErrorOccurred = True
    Else
        ' Set the password for the account
        objUser.SetPassword newPassword
        objUser.SetInfo
        If Err.Number <> 0 Then
            outFile.writeline Now & vbTab & "Error setting password for " & strComputer & _
                "\Administrator" & " --- " & Err.Description
            Err.Clear
            ErrorOccurred = True
        Else
            outFile.writeline (Now & vbTab & "Password set for " & strComputer & "\Administrator")
        End If
    End If
Wend

' Clean up the environment
outFile.writeline (Now & vbTab & "Ending script...")
inFile.close
outFile.close

If ErrorOccurred Then
    msgbox "Script completed with errors. Please check the log file."
Else
    MsgBox "Script completed successfully."
End If
Ok...not only is it VERY complex for me, but why the huge need for code for something like this? You look at the first one and it seems straightforward and easy. The second looks like a lot of extra, possibly unnecessary work.
I thought I'd start here. Thanks,
Jas
|
|
"Jason W." <jasonwilliams74[ at ]gmail.com> wrote in message news:1178842364.946860.308330[ at ]q75g2000hsh.googlegroups.com...
Ok...as my education continues into the world of scripting (still an infant here), I have some questions. I need to reset the password of all the local domain accounts on our servers. I thought a script + GPO would be a handy method.
Since I am pretty new at scripting, I decided to google for some suggestions and came up with a few interesting things and wanted to ask some questions here.
First, I found this one from 'The Scripting guy':
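' Bind to the OU and enumerate only its computer objects
Set objOU = GetObject("LDAP://OU=Finance, DC=fabrikam, DC=com")
objOU.Filter = Array("Computer")

For Each objItem in objOU
    strComputer = objItem.CN
    ' Bind to the local Administrator account on that computer and set its password
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    objUser.SetPassword("i5A2sj*!")
Next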
You change the OU and Domain as you suggested. Which brings a quick question. Suppose your OU has spaces. Something like: Server bin. Does that change how you set it up in the script? Do you need to quote it within the quotes?
==> spaces are not a problem, but if your OU name contains a comma, you need to quote it with, I believe, a backslash.
That script seems fairly straightforward.
==> just don't leave it or hard copies of it lying around, else your entire domain will be taken over by anybody who can guess the new password.
Then I found this one:
'-------------------------------------------------------------------------------
' Initialization - Declare variables
'-------------------------------------------------------------------------------
Dim fsoIn, fsoOut
Dim inFile, outFile
Dim arrComputerNames
Dim objUser
Dim strComputer
Dim newPassword
Dim ErrorOccurred
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Const inFilename = "servers.txt"
Const outFilename = "ChangePwdServers.log"

'-------------------------------------------------------------------------------
' Main script
'-------------------------------------------------------------------------------
On Error Resume Next
ErrorOccurred = False

' Insert WARNING here...
Msgbox ("WARNING: This script will change the local administrator password for every " & _
    "computer listed in SERVERS.TXT. If any services are running with the local " & _
    "administrator credentials, those services must be updated, or they won't " & _
    "start on the next boot. For this script to work, you must have administrative " & _
    "privileges on all of the remote computers you are changing the password for.")

' Get new password
newPassword = Inputbox ("Please enter the new password.")

' Open the input file and skip the header line
Set fsoIn = CreateObject("scripting.filesystemobject")
Set inFile = fsoIn.OpenTextFile(inFilename, ForReading, True)
inFile.Skipline

' Open the log file (append mode) and timestamp the entry
Set fsoOut = CreateObject("scripting.filesystemobject")
Set outFile = fsoOut.OpenTextFile(outFilename, ForAppending, True)
outFile.writeline (Now & vbTab & "Starting script...")

While Not inFile.AtEndOfStream
    arrComputerNames = Split(inFile.Readline, vbTab, -1, 1)
    ' arrComputerNames(0) contains the computer name
    strComputer = arrComputerNames(0)

    ' Connect to the computer\administrator account
    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
    If Err.Number <> 0 Then
        outFile.writeline Now & vbTab & "Error connecting to " & strComputer & " --- " & Err.Description
        Err.Clear
        ErrorOccurred = True
    Else
        ' Set the password for the account
        objUser.SetPassword newPassword
        objUser.SetInfo
        If Err.Number <> 0 Then
            outFile.writeline Now & vbTab & "Error setting password for " & strComputer & _
                "\Administrator" & " --- " & Err.Description
            Err.Clear
            ErrorOccurred = True
        Else
            outFile.writeline (Now & vbTab & "Password set for " & strComputer & "\Administrator")
        End If
    End If
Wend

' Clean up the environment
outFile.writeline (Now & vbTab & "Ending script...")
inFile.close
outFile.close

If ErrorOccurred Then
    msgbox "Script completed with errors. Please check the log file."
Else
    MsgBox "Script completed successfully."
End If
Ok...not only is it VERY complex for me, but why the huge need for code for something like this? You look at the first one and it seems straightforward and easy. The second looks like a lot of extra, possibly unnecessary work.
==> It's all unnecessary - unless you need to do it.
The first one is basically a demo script to illustrate the simplest possible way to accomplish the task. The second is someone's idea of a more robust version that:
- displays a warning advising the user what the effect will be of running the script.
- does NOT contain an embedded copy of the new password.
- allows for only selected computers to be affected regardless of OU, rather than each one in a single OU.
- will work on a non-AD NT domain.
- points out when it failed to connect to a system.
- maintains a log of which computers it succeeded on and which it failed on.
- indicates at completion how successful it was.
Error checking is always a waste of time because scripts always work the way you expect them to. Oooops, did I say that? I take it back.
Now, I'm not maintaining that this script is a paragon of best practices (Wend is deprecated), but it does what it does, and probably because the writer had need for all that. If you don't, it is certainly unnecessary to you - but you might still learn from it.
/Al
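The OU-name question answered above (spaces are fine, a comma needs a backslash), as an added example that is not part of the original thread: a helper that escapes an OU name before it is placed in the LDAP path passed to GetObject. The function names EscapeRdnValue and BuildOuPath and the OU name "Servers, East" are constructed for illustration; the escaped character set follows RFC 4514, plus "/" because ADSI treats it as a path separator in an ADsPath.

```vbscript
Option Explicit

' Escape one RDN value (for example an OU name) so it can be embedded
' in a distinguished name. Hypothetical helper, not from the thread.
Function EscapeRdnValue(strValue)
    Dim i, ch, strOut
    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        Select Case ch
            Case ",", "+", Chr(34), "\", "<", ">", ";", "=", "/"
                ' Always special inside a DN (or an ADsPath, for "/")
                strOut = strOut & "\" & ch
            Case "#"
                ' Only special as the first character of the value
                If i = 1 Then
                    strOut = strOut & "\#"
                Else
                    strOut = strOut & ch
                End If
            Case " "
                ' Only special as the first or last character;
                ' an interior space such as in "Server bin" is left alone
                If i = 1 Or i = Len(strValue) Then
                    strOut = strOut & "\ "
                Else
                    strOut = strOut & ch
                End If
            Case Else
                strOut = strOut & ch
        End Select
    Next
    EscapeRdnValue = strOut
End Function

' Build the ADsPath for an OU directly under the given domain DN.
Function BuildOuPath(strOuName, strDomainDn)
    BuildOuPath = "LDAP://OU=" & EscapeRdnValue(strOuName) & "," & strDomainDn
End Function

' Constructed sample OU names: one with a space, one with a comma
WScript.Echo BuildOuPath("Server bin", "DC=fabrikam,DC=com")
WScript.Echo BuildOuPath("Servers, East", "DC=fabrikam,DC=com")
```

Run it with cscript.exe; the resulting string is what goes into GetObject in the first script in place of the hard-coded Finance OU path.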