
Mass Password Changes with ADSI

One cool use for ADSI that folks don't often think of is using it to manage the local Security Accounts Manager (SAM) of member computers. I have a useful script I run every 30 days or so to change the local Administrator passwords on all my machines; I use the same script to also change some other special user accounts I've created.

Mass Password Changes

Listing 32.1 shows the script. Note that it reads the computer names from a text file, which lists one computer name per line. This way, I just have to maintain the text file list. You could also write the script to first query all of the computer names in the domain if you want a higher level of automation with less maintenance.

Listing 32.1. MassPass.vbs. Changes local Administrator passwords.

Dim oFSO, oTSIn
Dim sComputer, sUser, oUser, sDSPath
Dim sNewPass

' Account to change and the password to set
sUser = "Administrator"
sNewPass = "pA55w0Rd!"

' Open the list of computer names, one per line
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTSIn = oFSO.OpenTextFile("c:\machines.txt")

Do Until oTSIn.AtEndOfStream
  ' Keep going when a computer cannot be reached
  On Error Resume Next
  sComputer = oTSIn.ReadLine
  sDSPath = "WinNT://" & sComputer & "/" & sUser & ",user"

  ' Bind to the local account through the WinNT provider
  Set oUser = GetObject(sDSPath)
  If Err Then
    WScript.Echo sComputer & " could not be contacted"
    Err.Clear
  Else
    ' Set the new password on the account
    oUser.SetPassword sNewPass
  End If
Loop

MsgBox "Complete"
oTSIn.Close

The only changes you may need to make are the new password and the location of the input file, c:\machines.txt.

Mass Password Changes-Explained

This script starts by defining several variables.


Dim oFSO, oTSIn
Dim sComputer, sUser, oUser, sDSPath
Dim sNewPass

Next, the user name that will be changed and the new password are defined.


sUser = "Administrator"
sNewPass = "pA55w0Rd!"

A FileSystemObject is created and used to open the input text file. This text file contains the computer names on which I want to modify the Administrator password.


Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTSIn = oFSO.OpenTextFile("c:\machines.txt")

The script simply reads in computer names by using a Do…Loop construct.


Do Until oTSIn.AtEndOfStream
  On Error Resume Next
  sComputer = oTSIn.ReadLine

For each computer, the script attempts to connect to the specified user account.


  sDSPath = "WinNT://" & sComputer & "/" & sUser & ",user"

  Set oUser = GetObject(sDSPath)

If the computer is contacted, the password is changed; if the computer cannot be contacted or the Administrator account has been renamed, an error message is displayed.


  If Err Then
    WScript.Echo sComputer & " could not be contacted"
    Err.Clear
  Else
    oUser.SetPassword sNewPass
  End If
Loop

The script closes the input text file and displays a completion message.


MsgBox "Complete"
oTSIn.Close

ADSI scripts don't have to be fancy or complicated to be useful; this tool can save hours of manual labor and help create a more secure environment.
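
A hardened variant of Listing 32.1, added here as an example and not part of the original book: Option Explicit turns a mistyped variable name into a reported error instead of an empty password, the password is typed at run time rather than stored in the script file, and bind failures are logged separately from SetPassword failures. It assumes the script is run with cscript.exe (WScript.StdIn is not available under wscript.exe, and the typed password is echoed to the console); the log path c:\masspass-results.csv is a hypothetical name.

```vbscript
' Added example, not from the book: hardened variant of Listing 32.1.
Option Explicit   ' undeclared names raise "Variable is undefined"

Const INPUT_FILE = "c:\machines.txt"
Const LOG_FILE = "c:\masspass-results.csv"   ' hypothetical path

Dim oFSO, oTSIn, oTSLog, oUser
Dim sComputer, sUser, sNewPass, sResult

sUser = "Administrator"

' Read the password at run time so it never sits in the script file.
WScript.StdOut.Write "New password for " & sUser & ": "
sNewPass = WScript.StdIn.ReadLine
If Len(sNewPass) = 0 Then
  WScript.Echo "Empty password refused."
  WScript.Quit 1
End If

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTSIn = oFSO.OpenTextFile(INPUT_FILE, 1)       ' 1 = ForReading
Set oTSLog = oFSO.CreateTextFile(LOG_FILE, True)   ' overwrite the old log
oTSLog.WriteLine "computer,result"

Do Until oTSIn.AtEndOfStream
  sComputer = Trim(oTSIn.ReadLine)
  If Len(sComputer) > 0 Then                       ' skip blank lines
    sResult = "changed"
    On Error Resume Next
    Err.Clear
    Set oUser = GetObject("WinNT://" & sComputer & "/" & sUser & ",user")
    If Err.Number <> 0 Then
      ' Computer unreachable, access denied, or account renamed
      sResult = "bind failed: 0x" & Hex(Err.Number)
    Else
      oUser.SetPassword sNewPass
      ' Password policy rejections surface here, not at bind time
      If Err.Number <> 0 Then sResult = "SetPassword failed: 0x" & Hex(Err.Number)
    End If
    On Error GoTo 0
    Set oUser = Nothing
    ' Only the computer name and outcome are logged, never the password
    oTSLog.WriteLine sComputer & "," & sResult
    WScript.Echo sComputer & ": " & sResult
  End If
Loop

oTSIn.Close
oTSLog.Close
```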
