[Dshield] Change windows local passwords remotely

Al Reust areust at comcast.net
Thu Apr 1 04:29:09 GMT 2004

Hello Daniel

From a "Local Machine" you can use the "Net User" command:
    net user administrator 123456

The problem is that you need to run this from a server and a share that is 
accessible to every machine. Anyone that found the share would know the 
Administrator Password. The safest deployment would be to have Scheduler 
run a command file on the Server. That command file would be called from 
the server not the local machine. So you attempt to make it "not" visible 
(I have not tested this). The next part is capturing every machine name; 
with 15,000 machines, I presume that you would use the DHCP servers to see 
who is logged in.

The basics from the local machine are:

    REM 123456 is the desired password.
    net user administrator 123456

Choosing the password that you desire. You can deploy the scheduler using 
the AT command. The quick example (untested), no error checking. First you 
create the list of the 15,000 machine names or active IP addresses. If they 
are DHCP, the computer name is of the higher priority!

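Basic idea:

    echo off
    REM In a command file use %%i; at the prompt use %i. Assumes administrator.bat is on the share.
    for /F %%i in (machine-list) do (
        AT \\%%i 12:00 /next:wednesday \\server\share\administrator.bat
        echo %%i >> \\server\share\scheduledmachines.txt
    )

    REM command file that runs on each machine
    echo off
    net user administrator 123456
    echo %computername% >> \\server\share$\complete.txt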

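Better idea not tested:

    echo off
    REM In a command file use %%i; at the prompt use %i. Assumes administrator.bat is on the share.
    for /F %%i in (machine-list) do (
        AT \\%%i 12:00 /next:wednesday \\server\share\administrator.bat
        echo %%i >> \\server\share\scheduledmachines.txt
    )

The administrator.bat:

    echo off
    net user administrator 123456
    echo %computername% >> \\server\share$\complete.txt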

end example

Because you stated 15,000 machines, break it into parts and schedule a group 
for one day of the work week, with machine-list1 complete1.txt etc... Then 
the time to remove complete machines. Yes it is time consuming but is 
the only way other than making a floppy and executing each from every local 
machine. Otherwise make them join the domain so that Group policy can do 
the work for you and report.

You should have 80% in the first week.

Obviously this can be used to push other things as well.

If you copy tools from the resource kit you can do other things like 
registry entries and forced shutdown and reboot.

Look at regini or shutdown from the resource kit.
Example, this was used to copy a warning banner on login:

    REM startnt command file
    md c:\temp

    REM skip everything if this machine has already been done
    if exist c:\temp\done.txt goto done
    net use \\dc101\warning
    xcopy \\dc101\warning\regini.exe c:\winnt\system32\
    xcopy \\dc101\warning\reg2bat.exe c:\winnt\system32\
    xcopy \\dc101\warning\shutdown.exe c:\winnt\system32\
    xcopy \\dc101\warning\warning.ini c:\temp\

    REM disconnect from the share
    net use \\dc101\warning /delete

    for /F %%i IN (servers.txt) do (
        regini -m "%%i" c:\temp\warning.ini
        echo %%i >> \\dc101\warning\done.txt
    )
    REM for a single machine: regini -m \\"system name" c:\temp\warning.ini
    REM done.txt would say this machine has completed the
    echo done > c:\temp\done.txt
    :done

end example.



At 10:11 AM 3/31/2004 -0500, you wrote:

>Hey guys,
>I was hoping some of you could point me in the right direction help me out,
>I need to find and reset poor local administrator passwords (even just
>resetting NULL passwords would be a great help!) on approx 15k active IP's
>that are not logged into the main Active Directory domain.
>Does anyone happen to have a tool/script that can do this? Or any ideas that
>may help me get through this evil task, my windows coding skills are
>Daniel Hay
>Owner - eBoundary
>http://www.eboundary.com - Fast, reliable and secure hosting solutions.
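
Added example, not part of the original post or thread: a Python sketch of the bookkeeping step described above (split the machine list into one group per work day, then remove the machines that reported into complete.txt). The function names, the round-robin split and the sample file contents are assumptions constructed for illustration.

```python
WEEKDAYS = ["monday", "tuesday", "wednesday", "thursday", "friday"]

# Constructed sample contents of a machine list and a complete.txt share file.
SAMPLE_MACHINE_LIST = "pc-001\r\nPC-002\r\n\r\n\\\\pc-003\r\npc-004\r\npc-005\r\npc-006\r\n"
SAMPLE_COMPLETE = "PC-001 \r\nPC-003 \r\nPC-003 \r\nLAB-9 \r\n"


def read_names(text):
    """Parse file contents into an ordered list of unique host names.

    `echo %computername% >> file` leaves a trailing space and CRLF, and
    NetBIOS names are case-insensitive, so names are stripped (including
    leading UNC backslashes) and upper-cased before comparison.
    """
    seen, names = set(), []
    for line in text.splitlines():
        name = line.strip().lstrip("\\").upper()
        if name and name not in seen:
            seen.add(name)
            names.append(name)
    return names


def split_by_weekday(machines):
    """Deal machines round-robin into five groups, one per work day."""
    groups = {day: [] for day in WEEKDAYS}
    for index, name in enumerate(machines):
        groups[WEEKDAYS[index % len(WEEKDAYS)]].append(name)
    return groups


def outstanding(machines, completed):
    """Machines that were scheduled but never wrote to complete.txt."""
    done = set(completed)
    return [name for name in machines if name not in done]


def unexpected(machines, completed):
    """Names in complete.txt that were never on the machine list."""
    known = set(machines)
    return [name for name in completed if name not in known]


if __name__ == "__main__":
    machines = read_names(SAMPLE_MACHINE_LIST)
    completed = read_names(SAMPLE_COMPLETE)
    for day, group in split_by_weekday(machines).items():
        print(day, group)
    print("still to do:", outstanding(machines, completed))
    print("not on the list:", unexpected(machines, completed))
```

Names that show up in complete.txt without being on the machine list are worth a look, since the share is writable by every machine.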


