So, you have been tasked with changing the local Administrator password on all PCs in your company.
In addition, management wants to...
- Do this on a periodic basis, creating a new set of passwords each time.
- Completely automate.
- Enable the helpdesk to look up current as well as historical password data.
- Have groups of PCs issued different passwords based on PC naming convention.
Well, using SMS Installer (you must compile the IPF file using SMS installer program), VBScript and some head-scratching, I have developed this process...
The SMS installer script:
1. Executes a SQL DTS script to export the two-letter PC prefixes (AZ for Arizona, RI for Rhode Island... you get the idea) from the SMS database to PC_Prefixes.txt. If you have a limited number of prefixes, you could manually maintain this file.
2. Uses "PW_Generator.vbs" script to create new password file "Reset.ini" (500 different passwords, one per PC prefix, enough for any site...)
3. Combines the files created in steps one and two into "Reset_History_New.txt" using the SMS installer script.
4. Maintains the password history logfile "History_x.txt" (12 versions, for the last 12 password changes). These are linked in an Excel file, "Helpdesk_Password_History.xls" (you will have to edit the data range properties to prompt you for a new file location, then save the file to save the new locations, then open the file and deselect the prompt for file location option).
5. When required,
a. use a PC or server to run the SMS installer script that generates and configures the password files.
b. use SMS to run an advertisement which executes "PWchange_local_master.vbs" (no parameter required)
The "PWchange_local_master.vbs" script performs the following:
- Determines the first two characters of the PC NetBIOS name
- Reads the PC/password Reset_History_New.txt and assigns a new local admin password based on the first two letters of the PC name.
- Annotates the admin user comments to indicate the date the password was changed.
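A minimal client-side script for the three steps above, as an added example (it is not the author's PWchange_local_master.vbs). The share path and the `PREFIX,password` line layout of Reset_History_New.txt are assumptions, since the page does not show the file format; the RID 500 lookup is an addition so that a renamed Administrator account is still found.

```vbscript
Option Explicit
' Added example, not the original PWchange_local_master.vbs.
' Assumptions: PW_FILE is a placeholder path; each line is "PREFIX,password".
Const PW_FILE = "\\SERVER\SHARE\Reset_History_New.txt"
Const ForReading = 1

Dim net, fso, prefix, newPw, adminName, admin
Set net = CreateObject("WScript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")

prefix = UCase(Left(net.ComputerName, 2))   ' first two characters of the NetBIOS name
newPw = LookupPassword(PW_FILE, prefix)
If newPw = "" Then
    WScript.Echo "No password entry for prefix " & prefix & "; nothing changed."
    WScript.Quit 1
End If

adminName = BuiltinAdminName()
Set admin = GetObject("WinNT://" & net.ComputerName & "/" & adminName & ",user")
admin.SetPassword newPw
admin.Description = "Password changed " & Date   ' annotate the account comment
admin.SetInfo

' Return the password for a prefix, or "" if the file or the prefix is missing.
Function LookupPassword(path, wanted)
    Dim ts, line, pos
    LookupPassword = ""
    If Not fso.FileExists(path) Then Exit Function
    Set ts = fso.OpenTextFile(path, ForReading)
    Do Until ts.AtEndOfStream
        line = ts.ReadLine
        pos = InStr(line, ",")   ' split on the first comma only; passwords may contain commas
        If pos > 1 Then
            If UCase(Trim(Left(line, pos - 1))) = wanted Then
                LookupPassword = Mid(line, pos + 1)
                Exit Do
            End If
        End If
    Loop
    ts.Close
End Function

' Find the built-in administrator by its RID (500) so a renamed account still works.
Function BuiltinAdminName()
    Dim wmi, acct
    BuiltinAdminName = "Administrator"
    Set wmi = GetObject("winmgmts:\\.\root\cimv2")
    For Each acct In wmi.ExecQuery("Select Name, SID From Win32_UserAccount Where LocalAccount = True")
        If Right(acct.SID, 4) = "-500" Then BuiltinAdminName = acct.Name
    Next
End Function
```

Because the password file is plaintext, restrict read access on the share to the account the SMS advertisement runs under, and remove the file from the share once the rollout has completed.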
Notes
· No changes need to be made when sites are added or removed.
· The password generator creates 500 complex passwords.
· If you use DTS, an SQL DTS package exports all known PC name prefixes to PC_Prefixes.txt.
· Syntax for the SMS Installer script:
If no parameters are passed to the script, you must maintain the PCprefix.txt file manually.
Add DTS to command line to run a SQL DTS package to export PC prefixes. Edit the DTSRun.bat file to point to your SMS database server and DTS package you create.
The SQL query to create a list of PC two letter prefixes to export is:
SELECT DISTINCT TOP 100 PERCENT UPPER(LEFT(Netbios_Name0, 2)) AS [PC Code]
FROM dbo.System_DISC
WHERE (Operating_System_Name_and0 LIKE 'Microsoft%') AND (NOT (Operating_System_Name_and0 LIKE '%Server%'))
GROUP BY UPPER(LEFT(Netbios_Name0, 2))
HAVING (UPPER(LEFT(Netbios_Name0, 2)) >= 'A%')
ORDER BY UPPER(LEFT(Netbios_Name0, 2))
It is not as complicated as it sounds. Go slow and test. Then get some coffee and enjoy.