JSI Tip 2501. A better method for changing the local Administrator password on all your workstations, without traveling.

Jerold Schulman

June 15, 2000



In tip 0199, I scripted a tool to perform the subject function.

Using tools from the Windows NT 4.0 Resource Kit Supplement 4 or Windows 2000 Server Resource Kit,
David A. Stewart, MCSE - [email protected] provides us with the following:

OS: Win NT 4.0 SP2 and up, including Windows 2000

This Password Changer routine is designed for System Admins on large domain structures to remotely connect to every workstation on a given domain (derived from the PDC automatically), find the built-in local administrator account (no matter what name it may be), check for accounts with duplicate names as the intended name change, delete the duplicate accounts, rename it to some standard convention, and then change the password of that account.

It is written to sort out servers and not change them. The user running the script must have admin rights on the subject systems. At completion of the batch job several log files are generated denoting the status of the systems.

Additionally, a working file is left in the directory containing systems that were not online at the time of the batch job being run. This file will be detected if the batch job is run again and the batch job will try to connect to the remaining systems listed in the file. The name of the file is working.txt.

```bat
@ECHO OFF
REM ******************************************************************
REM Name: AdminPasswordv4.1.bat
REM Author: David A. Stewart    [email protected]
REM Additional Credits: Matthew J. Bobowski    [email protected]
REM Purpose: To Change the Built-in Administrator account name and password
REM Purpose: across a domain structure
REM Operating System: NT4 and above
REM Dependencies: GETINPUT.EXE by Matt Bobowski
REM Dependencies: SERVERINF.EXE by Matt Bobowski
REM Dependencies: HEAD.EXE by Matt Bobowski
REM Dependencies: NETUSER.EXE by Matt Bobowski
REM Dependencies: PULIST.EXE from the NT4 Resource Kit
REM Dependencies: SLEEP.EXE from the NT4 Resource Kit
REM Dependencies: NOW.EXE from the NT4 Resource Kit
REM Dependencies: CHOICE.EXE the NT4 Resource Kit
REM Dependencies: GETTYPE.EXE from the W2K Resource Kit
REM Dependencies: CUSRMGR.EXE from the W2K Resource Kit
REM Dependencies:
REM Version: 4.1
REM Creation Date: 4-16-2002
REM Last Modified: 5-1-2002
REM Additional Information:
REM
REM
REM ******************************************************************
GOTO BEGINSCRIPT
This section is my scratch-pad for script organization

:BEGINSCRIPT
@TITLE Domain Password Utility
CLS
COLOR 3F
ECHO.
SETLOCAL

:START
:TEST OS Type
IF NOT "%OS%"=="Windows_NT" GOTO OSERROREND
ECHO ############################################################
ECHO #### Domain-wide Password and Account Name Manager ####
ECHO #### For Local System Built-in Administrator Accounts ####
ECHO #### ####
ECHO #### Authors: David A. Stewart and Matthew J. Bobowski ####
ECHO #### Date: 4-30-2002 ####
ECHO #### Version:4.1 ####
ECHO #### ####
ECHO #### ####
ECHO #### And Oh Yeah, Your Welcome ####
ECHO ############################################################
ECHO.
ECHO.
IF NOT EXIST .\files\. MD files
PUSHD .\files
REM Check for existence of operational dependencies
REM IF NOT EXIST ECHO This Script requires that be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST GETINPUT.EXE ECHO This Script requires that GETINPUT.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST NETDOM.EXE ECHO This Script requires that NETDOM.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST PULIST.EXE ECHO This Script requires that PULIST.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST SLEEP.EXE ECHO This Script requires that SLEEP.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST GETTYPE.EXE ECHO This Script requires that GETTYPE.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST SERVERINF.EXE ECHO This Script requires that SERVERINF.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST HEAD.EXE ECHO This Script requires that HEAD.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST NETUSER.EXE ECHO This Script requires that NETUSER.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST CUSRMGR.EXE ECHO This Script requires that CUSRMGR.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST NOW.EXE ECHO This Script requires that NOW.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
IF NOT EXIST CHOICE.EXE ECHO This Script requires that CHOICE.EXE be present in the Files sub-folder in order to function properly. &goto SUB-END
ECHO.
ECHO Setting Up... one moment please...
REM CALL :GENERATESPAWNBAT
REM ECHO Setup 50%% complete....
CALL :GENERATEMACHINEUPDATER
ECHO Setup 100%% complete....

:CRONSTAMP
FOR /F "Tokens=1*" %%f IN ('TIME /T') DO (
    FOR /F "Delims=: Tokens=1-2" %%y in ('ECHO %%f') DO SET StartTime=%%y-%%z
)
FOR /F "Tokens=1,2*" %%f IN ('DATE /T') DO (
    FOR /F "Tokens=1-3 Delims=/" %%x IN ('ECHO %%g') DO SET StartDate=%%x-%%y-%%z
)

:SETVARIABLES
SET RepeatProcessingSettings=FALSE
SET RepeatProcessingList=FALSE
SET LOGFILENAME=.\LOGFILES\PASSWORD_CHANGE_LOGFILE_%StartDate%_%StartTime%.txt
SET PasswordIsHidden=none
SET RenameAdministratorAccount=none
SET MachineList=working_machine_list.txt
SET AlternateMachineList=none

:LOGIC
IF EXIST working_session_settings.txt SET RepeatProcessingSettings=TRUE
IF EXIST %MachineList% SET RepeatProcessingList=TRUE

:ACTION
ECHO.
ECHO Gathering user preferences.....
ECHO.

:TEST_FOR_REMANENT_PROCESSING_LISTS
TIME /T>NUL
ECHO.
IF %RepeatProcessingSettings%==TRUE CHOICE "A list of session settings already exists from a previous run, do you want to VIEW this list "
IF "%ERRORLEVEL%"=="1" TYPE working_session_settings.txt
ECHO.
TIME /T>NUL
IF %RepeatProcessingSettings%==TRUE CHOICE "Do you want to continue using these session settings "
IF %ERRORLEVEL%==1 SET RepeatProcessingSettings=TRUE
IF %ERRORLEVEL%==2 SET RepeatProcessingSettings=FALSE
ECHO.
TIME /T>NUL
IF %RepeatProcessingList%==TRUE CHOICE "A list of machines already exists from a previous run, do you want to VIEW this list "
IF %ERRORLEVEL%==1 TYPE %MachineList%
ECHO.
TIME /T>NUL
IF %RepeatProcessingList%==TRUE CHOICE "Do you want to continue using this machine list "
IF %ERRORLEVEL%==1 SET RepeatProcessingList=TRUE
IF %ERRORLEVEL%==2 SET RepeatProcessingList=FALSE

:QUERY_USER_FOR_SESSION_SETTINGS
IF %RepeatProcessingList%==FALSE CALL :QUERY_USER_FOR_MACHINE_NAME_LIST
IF %RepeatProcessingSettings%==TRUE GOTO REPEATPROCESSINGSETTINGS
GOTO GETADMINISTRATORNAME

:QUERY_USER_FOR_MACHINE_NAME_LIST
IF EXIST %MachineList% DEL /Q %MachineList%
ECHO.
TIME /T>NUL
CHOICE "Do you want to manually enter a list of machine names to process "
IF "%ERRORLEVEL%"=="1" GOTO GENERATE_TARGET_MACHINE_LIST_INFORMATION

:GATHER_TARGET_MACHINE_LIST_INFORMATION
ECHO.
FOR /F "tokens=* delims=" %%a in ('GETINPUT /PROMPT:"Name of the Domain to Process: "') DO @SET TargetDomain=%%a

:QUERY_USER_FOR_TARGET_MACHINE_TYPE
ECHO.
ECHO What Type of Machines do you want to change the built-in Administrator account and password on?
ECHO 1. NT4 DCs
ECHO 2. W2K DCs
ECHO 3. All Member Servers
ECHO 4. NT4 Member Servers
ECHO 5. W2K Member Servers
ECHO 6. All Workstations
ECHO 7. NT4 Workstations ONLY
ECHO 8. W2K Workstations ONLY
TIME /T>NUL
CHOICE /C:12345678 "Pick One : "
IF %ERRORLEVEL%==1 SET TargetMachineDisplay=NT4 DCs&SET TargetMachineType=NT4PDC&SET NetdomType=BDC
IF %ERRORLEVEL%==2 SET TargetMachineDisplay=W2K DCs&SET TargetMachineType=W2KDC&SET NetdomType=BDC
IF %ERRORLEVEL%==3 SET TargetMachineDisplay=All Member Servers&SET TargetMachineType=AllMemberServers&SET NetdomType=MEMBER
IF %ERRORLEVEL%==4 SET TargetMachineDisplay=NT4 Member Servers&SET TargetMachineType=NT4MemberServers&SET NetdomType=MEMBER
IF %ERRORLEVEL%==5 SET TargetMachineDisplay=W2K Member Servers&SET TargetMachineType=W2KMemberServers&SET NetdomType=MEMBER
IF %ERRORLEVEL%==6 SET TargetMachineDisplay=All Workstations&SET TargetMachineType=AllWorkstations&SET NetdomType=MEMBER
IF %ERRORLEVEL%==7 SET TargetMachineDisplay=NT4 Workstations ONLY&SET TargetMachineType=NT4Workstations&SET NetdomType=MEMBER
IF %ERRORLEVEL%==8 SET TargetMachineDisplay=W2K Workstations ONLY&SET TargetMachineType=W2KWorkstations&SET NetdomType=MEMBER

:BUILD_WORKING_MACHINE_LIST
IF %RepeatProcessingList%==TRUE GOTO CHECKORCREATELOGDIRS
ECHO.
ECHO Creating a list of %TargetMachineDisplay% in %TargetDomain%.
ECHO.
IF /I EXIST Temp.txt DEL /Q Temp.txt
NETDOM.EXE /D:%TargetDomain% %NetdomType%>TEMP.TXT
REM Removing NETDOM formatting from the machine names
REM ECHO %TargetMachineDisplay% in %TargetDomain%>%MachineList%
REM ECHO.>>%MachineList%
IF EXIST %MachineList% DEL /Q %MachineList%
FOR /F "Skip=6 Delims=\ Tokens=2" %%a in (TEMP.TXT) DO ECHO %%a>>%MachineList%
ECHO Done Creating Machine List.
ECHO.
GOTO :EOF

:GENERATE_TARGET_MACHINE_LIST_INFORMATION
ECHO.
ECHO.
ECHO.
ECHO You can enter machine names one at a time,
ECHO Or you can paste a line by line list of machine
ECHO names into the following input prompt.
ECHO.
ECHO Press CTRL+Z then Enter after you have successfully entered the last machine name.
ECHO.
ECHO Begin Entering Machine Names now:

:GETMACHINENAMES
ECHO.
COPY CON "Temp.txt"
FOR /F "Delims=\ Tokens=1*" %%a in (Temp.txt) DO ECHO %%a>>%MachineList%
DEL /Q Temp.txt

:ENDGETMACHINENAMES
ECHO.
ECHO.
TIME /T>NUL
CHOICE "Do you want to see your list of machine names to process "
IF NOT "%ERRORLEVEL%"=="1" GOTO GETADMINISTRATORNAME
ECHO.
TYPE %MachineList%
ECHO.
TIME /T>NUL
CHOICE "Is this list correct, If not you will need to enter all the names again "
IF "%ERRORLEVEL%"=="1" SET AlternateMachineList=1
IF "%ERRORLEVEL%"=="1" SET RepeatProcessingList=TRUE
IF "%ERRORLEVEL%"=="1" GOTO :EOF
GOTO QUERY_USER_FOR_MACHINE_NAME_LIST

:GETADMINISTRATORNAME
IF %RepeatProcessingSettings%==TRUE GOTO REPEATPROCESSINGSETTINGS
ECHO.
ECHO Do you want to change the name(s) of the Built-in Administrator Account(s)
CHOICE "on the target machine(s), to one given name "
IF %ERRORLEVEL%==1 SET RenameAdministratorAccount=1
IF %ERRORLEVEL%==2 SET RenameAdministratorAccount=0 &GOTO GETADMINSTRATORPASSWORD
ECHO.
FOR /F "tokens=* delims=" %%a in ('GETINPUT /PROMPT:"Desired Name of the Built-in Administrator Account: "') DO @SET TargetAdministratorName=%%a
IF "%TargetAdministratorName%"=="" GOTO GETADMINISTRATORNAME

:GETADMINSTRATORPASSWORD
SET TargetAdministratorPassword=
SET TargetAdministratorPassword2=
ECHO.
TIME /T>NUL
CHOICE "Do you want to use a Randomly Generated password "
IF %ERRORLEVEL%==1 SET PasswordIsHidden=0
IF %ERRORLEVEL%==1 SET TargetAdministratorPassword=RaNdOmû &GOTO LOGPASSWORDQUESTION
GOTO PASSWORDISHIDDENQUESTION

:LOGPASSWORDQUESTION
ECHO.
TIME /T>NUL
SET LogRandomPassword=0
CHOICE "Do you want to Log the Random password "
IF %ERRORLEVEL%==1 SET LogRandomPassword=1&GOTO REVIEWSESSIONSETTINGS
REM Random password without logging: skip the manual password prompts.
GOTO REVIEWSESSIONSETTINGS

:PASSWORDISHIDDENQUESTION
ECHO.
TIME /T>NUL
CHOICE "Do you want to enter the password in clear text "
IF %ERRORLEVEL%==1 SET PasswordIsHidden=0 &GOTO MASKPASSWORD-NO
IF %ERRORLEVEL%==2 SET PasswordIsHidden=1 &GOTO MASKPASSWORD-YES
GOTO GETADMINSTRATORPASSWORD

:MASKPASSWORD-YES
ECHO.
FOR /F "tokens=* delims=" %%a in ('GETINPUT /MASK:* /PROMPT:"Desired Password to Distribute: "') DO @SET TargetAdministratorPassword=%%a
ECHO.
FOR /F "tokens=* delims=" %%a in ('GETINPUT /MASK:* /PROMPT:"Re-enter Password: "') DO @SET TargetAdministratorPassword2=%%a
ECHO.
IF NOT "%TargetAdministratorPassword%"=="%TargetAdministratorPassword2%" ECHO Confirmation did not match try again. &GOTO GETADMINSTRATORPASSWORD
ECHO.
GOTO MASKPASSWORD-END

:MASKPASSWORD-NO
FOR /F "tokens=* delims=" %%a in ('GETINPUT /PROMPT:"Desired Password to Distribute: "') DO @SET TargetAdministratorPassword=%%a
ECHO.
FOR /F "tokens=* delims=" %%a in ('GETINPUT /PROMPT:"Re-enter Password: "') DO @SET TargetAdministratorPassword2=%%a
ECHO.
IF NOT "%TargetAdministratorPassword%"=="%TargetAdministratorPassword2%" ECHO Confirmation did not match try again. &GOTO GETADMINSTRATORPASSWORD
ECHO.
GOTO MASKPASSWORD-END

:MASKPASSWORD-END
:REVIEWSESSIONSETTINGS
ECHO.
ECHO The target Domain is %TargetDomain%
ECHO The target Machine Group is %TargetMachineDisplay%
IF %RenameAdministratorAccount%==1 ECHO The target Administrator Name is %TargetAdministratorName%
IF %RenameAdministratorAccount%==0 ECHO The Administrator Account Names will not be changed.
ECHO PasswordIsHidden=%PasswordIsHidden%
IF %PasswordIsHidden%==1 ECHO The target Administrator Password will not be displayed because password masking was selected.
IF NOT %PasswordIsHidden%==1 ECHO The target Administrator Password is %TargetAdministratorPassword%
ECHO.
TIME /T>NUL
CHOICE "Is this information correct "
IF %ERRORLEVEL%==1 GOTO CHECKORCREATELOGDIRS
IF %ERRORLEVEL%==2 GOTO QUERY_USER_FOR_SESSION_SETTINGS
IF "%ERRORLEVEL%"=="" GOTO REVIEWSESSIONSETTINGS
GOTO CHECKORCREATELOGDIRS

:REPEATPROCESSINGSETTINGS
FOR /F "Delims=: Tokens=1-2*" %%a in (working_session_settings.txt) do SET %%a=%%b
IF "%TargetAdministratorPassword%"=="" GOTO GETADMINSTRATORPASSWORD
IF "%TargetAdministratorPassword%"==" " GOTO GETADMINSTRATORPASSWORD
IF NOT %TargetAdministratorPassword%==RaNdOmû GOTO CHECKORCREATELOGDIRS
SET PasswordIsHidden=0
ECHO.
TIME /T>NUL
ECHO In the save session settings the password option was set to RANDOM.
CHOICE "Do you want to keep this setting "
IF %ERRORLEVEL%==2 GOTO GETADMINSTRATORPASSWORD

:CHECKORCREATELOGDIRS
IF NOT EXIST .\offline\. MD offline
IF NOT EXIST .\oldadmin\. MD oldadmin
IF NOT EXIST .\undetermined\. MD undetermined
IF NOT EXIST .\completed\. MD completed
IF NOT EXIST .\nameinuse\. MD nameinuse
IF NOT EXIST .\errorlog\. MD errorlog
IF NOT EXIST .\password_change_failure\. MD password_change_failure
IF NOT EXIST .\LOGFILES\. MD LOGFILES
IF NOT EXIST .\Random_Password_Logs\. MD Random_Password_Logs
REM Get PDC Name If DC option was selected, and make it the only entry in the %MachineList%
IF "%TargetMachineType%"=="NT4PDC" FOR /F "Delims=\ Tokens=2*" %%a in ('"NETDOM.EXE /D:%TargetDomain% %NetdomType% | head -n 4"') DO ECHO %%a>%MachineList%
IF "%TargetMachineType%"=="W2KDC" FOR /F "Delims=\ Tokens=2*" %%a in ('"NETDOM.EXE /D:%TargetDomain% %NetdomType% | head -n 4"') DO ECHO %%a>%MachineList%

:SPAWNPROCESS
ECHO Beginning Multi-thread Session Spawning......
ECHO DO NOT CLOSE THIS WINDOW, A MESSAGE WILL INFORM YOU WHEN THE PROCESSING HAS COMPLETED!!!
ECHO.
CALL :SPAWN.BAT
ECHO.
ECHO PLEASE WAIT UNTIL ALL THE POP-UP WINDOWS HAVE CLOSED, DO NOT PROCEED UNTIL THEY DO OR LOGGING DATA WILL BE INACCURATE.
PAUSE
ECHO.
ECHO ARE YOU SURE THAT ALL THE POP-UP WINDOWS HAVE CLOSED?
PAUSE

:SUB-END
REM Clean-Up Routines
:LOGFILES
ECHO.
ECHO Generating Log File.........Please Wait....
ECHO This Process was run by %USERDOMAIN%\%USERNAME% from Computer %COMPUTERNAME%.>%LOGFILENAME%
FOR /F "Delims=: Tokens=2" %%a in ('IPCONFIG^|FINDSTR /I IP') DO FOR /F "Delims=. Tokens=1-4" %%f in ('ECHO %%a') DO ECHO IP Address:%%f.%%g.%%h.%%i >>%LOGFILENAME%
FOR /F "Delims= Tokens=1*" %%a in ('DATE /T') DO ECHO Date: %%a >>%LOGFILENAME%
FOR /F "Delims=- Tokens=1-2" %%a in ('ECHO %StartTime%') DO ECHO StartTime was: %%a:%%b >>%LOGFILENAME%
FOR /F "Delims= Tokens=1*" %%a in ('TIME /T') DO ECHO The Finish Time was: %%a >>%LOGFILENAME%
ECHO. >>%LOGFILENAME%
ECHO [Session Settings] >>%LOGFILENAME%
ECHO TargetDomain:%TargetDomain% >>%LOGFILENAME%
ECHO TargetMachineDisplay:%TargetMachineDisplay% >>%LOGFILENAME%
ECHO TargetMachineType:%TargetMachineType% >>%LOGFILENAME%
ECHO NetdomType:%NetdomType% >>%LOGFILENAME%
ECHO TargetAdministratorName:%TargetAdministratorName% >>%LOGFILENAME%
ECHO PasswordIsHidden:%PasswordIsHidden% >>%LOGFILENAME%
ECHO RenameAdministratorAccount:%RenameAdministratorAccount% >>%LOGFILENAME%
ECHO LogRandomPassword:%LogRandomPassword% >>%LOGFILENAME%
IF NOT "%TargetAdministratorPassword%"=="" ECHO TargetAdministratorPassword:%TargetAdministratorPassword% >>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO [Machines Completed successfully]>>%LOGFILENAME%
FOR /R %%I IN (.\completed\*) DO ECHO %%~nxI>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO Logfile 12.5%% complete....
ECHO [Machines Online but Password Change returned an Errorcode]>>%LOGFILENAME%
FOR /R %%I IN (.\password_change_failure\*) DO ECHO %%~nxI>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO Logfile 25%% complete....
ECHO [Machines Offline or not Pingable]>>%LOGFILENAME%
FOR /R %%I IN (.\offline\*) DO ECHO %%~nxI>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO Logfile 37.5%% complete....
ECHO [Previous Administrator names that were renamed]>>%LOGFILENAME%
FOR /R %%I IN (.\oldadmin\*) DO (
    FOR /F "Delims= Tokens=1*" %%a in (.\oldadmin\%%~nxI) DO ECHO The original built-in Administrator Name on Machine "%%~nxI" was "%%a".>>%LOGFILENAME%
)
ECHO.>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO Logfile 50%% complete....
ECHO [Machines Online but OS was Undetermined]>>%LOGFILENAME%
FOR /R %%I IN (.\undetermined\*) DO ECHO %%~nxI>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO Logfile 62.5%% complete....
ECHO [Machines that the Built-in Administrator Account Name could Not be changed]>>%LOGFILENAME%
FOR /R %%I IN (.\nameinuse\*) DO ECHO %%~nxI>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO Logfile 75%% complete....
ECHO [There was an error verifying the administrator account on these machines]>>%LOGFILENAME%
FOR /R %%I IN (.\errorlog\*) DO ECHO %%~nxI>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO Logfile 87.5%% complete....
IF NOT "%LogRandomPassword%"=="1" ECHO Logfile 100%% complete.... &GOTO SAVESESSIONSETTINGS
ECHO [Random Password Logs]>>%LOGFILENAME%
FOR /R %%I IN (.\Random_Password_Logs\*) DO (
    FOR /F "Delims= Tokens=1-4*" %%a in (.\Random_Password_Logs\%%~nxI) DO ECHO %%a %%b %%c %%d>>%LOGFILENAME%
)
ECHO.>>%LOGFILENAME%
ECHO.>>%LOGFILENAME%
ECHO Logfile 100%% complete....

:SAVESESSIONSETTINGS
ECHO.
TIME /T>NUL
IF EXIST working_session_settings.txt CHOICE "Do you want to DELETE the previous session settings file "
IF %ERRORLEVEL%==1 DEL /Q working_session_settings.txt
ECHO.
TIME /T>NUL
CHOICE "Do you want to save the session settings for a repeat run "
IF %ERRORLEVEL%==2 GOTO BUILDNEWWORKINGMACHINELIST
ECHO TargetDomain:%TargetDomain%>working_session_settings.txt
ECHO TargetMachineDisplay:%TargetMachineDisplay%>>working_session_settings.txt
ECHO TargetMachineType:%TargetMachineType%>>working_session_settings.txt
ECHO NetdomType:%NetdomType%>>working_session_settings.txt
ECHO TargetAdministratorName:%TargetAdministratorName%>>working_session_settings.txt
ECHO PasswordIsHidden:%PasswordIsHidden%>>working_session_settings.txt
ECHO RenameAdministratorAccount:%RenameAdministratorAccount%>>working_session_settings.txt
ECHO LogRandomPassword:%LogRandomPassword%>>working_session_settings.txt
TIME /T>NUL
IF %PasswordIsHidden%==1 CHOICE "You select a masked password. Do you want to save the password in a clear text file with the session settings "
IF %PasswordIsHidden%==1 ECHO.
IF %ERRORLEVEL%==2 GOTO BUILDNEWWORKINGMACHINELIST
ECHO TargetAdministratorPassword:%TargetAdministratorPassword%>>working_session_settings.txt

:BUILDNEWWORKINGMACHINELIST
:ADDCOMPLETEDMACHINES
IF EXIST %MachineList% DEL /Q %MachineList%
ECHO.
TIME /T>NUL
ECHO Do you want to add the SUCCESSFULLY COMPLETED Machines
CHOICE "to the saved machines list for future processing "
IF %ERRORLEVEL%==2 GOTO ADDFAILEDMACHINES
FOR /R %%I IN (.\completed\*) DO ECHO %%~nxI>>%MachineList%

:ADDFAILEDMACHINES
ECHO.
TIME /T>NUL
ECHO Do you want to add the FAILED SYSTEMS
CHOICE "to the saved machines list for future processing "
IF %ERRORLEVEL%==2 GOTO DELETELOGFILEDATASOURCE

:ADDNAMECHANGEFAILUREMACHINES
ECHO.
TIME /T>NUL
ECHO Do you want to add the ONLINE but NAME CHANGE FAILURE Machines
CHOICE "to the saved machines list for future processing "
IF %ERRORLEVEL%==2 GOTO ADDOFFLINEMACHINES
FOR /R %%I IN (.\password_change_failure\*) DO ECHO %%~nxI>>%MachineList%

:ADDOFFLINEMACHINES
ECHO.
TIME /T>NUL
ECHO Do you want to add the OFFLINE Machines
CHOICE "to the saved machines list for future processing "
IF %ERRORLEVEL%==2 GOTO ADDUNDETERMINEDMACHINES
FOR /R %%I IN (.\offline\*) DO ECHO %%~nxI>>%MachineList%

:ADDUNDETERMINEDMACHINES
ECHO.
TIME /T>NUL
ECHO Do you want to add the UNDETERMINED Machines
CHOICE "to the saved machines list for future processing "
IF %ERRORLEVEL%==2 GOTO ADDNAMEINUSEMACHINES
FOR /R %%I IN (.\undetermined\*) DO ECHO %%~nxI>>%MachineList%

:ADDNAMEINUSEMACHINES
ECHO.
TIME /T>NUL
ECHO Do you want to add the Administrator Account NAME CONFLICTION Machines
CHOICE "to the saved machines list for future processing "
IF %ERRORLEVEL%==2 GOTO DELETELOGFILEDATASOURCE
FOR /R %%I IN (.\nameinuse\*) DO ECHO %%~nxI>>%MachineList%
FOR /R %%I IN (.\errorlog\*) DO ECHO %%~nxI>>%MachineList%

:DELETELOGFILEDATASOURCE
ECHO.
ECHO Cleaning up....Please Wait.....
ECHO The more systems processed the longer this will take.....
ECHO.
DEL /F /S /Q .\offline\*.* >NUL
RD offline >NUL
ECHO Cleanup 12.5%% complete....
DEL /F /S /Q .\oldadmin\*.* >NUL
RD oldadmin >NUL
ECHO Cleanup 25%% complete....
DEL /F /S /Q .\undetermined\*.* >NUL
RD undetermined >NUL
ECHO Cleanup 37.5%% complete....
DEL /F /S /Q .\completed\*.* >NUL
RD completed >NUL
ECHO Cleanup 50%% complete....
DEL /F /S /Q .\nameinuse\*.* >NUL
RD nameinuse >NUL
ECHO Cleanup 62.5%% complete....
DEL /F /S /Q .\errorlog\*.* >NUL
RD errorlog >NUL
ECHO Cleanup 75%% complete....
DEL /F /S /Q .\password_change_failure\*.* >NUL
RD password_change_failure >NUL
ECHO Cleanup 87.5%% complete....
DEL /F /S /Q .\Random_Password_Logs\*.* >NUL
RD Random_Password_Logs >NUL
IF EXIST machine_updater.bat DEL /F /Q machine_updater.bat
IF EXIST spawn.bat DEL /F /Q spawn.bat
IF EXIST TEMP.TXT DEL /F /Q TEMP.TXT
ECHO Cleanup 100%% complete....
GOTO END

:SPAWN.BAT
REM Name: Spawn
REM Author: Matthew J. Bobowski
REM Purpose: Spawn processes in a multi-threaded fashion. This program will create a
REM process for each item in a list. PULIST.EXE (NT Resource Kit) is used to regulate the
REM number of processes spawned, preventing RAM available to the system from being used up.
REM SLEEP.EXE (NT Resource Kit) is used to avoid processor lock.
SETLOCAL
REM This should be adjusted for the amount of memory and other resources on the machine it is run.
REM Remember, that each cmd shell takes a process, as do any programs it may call. If your
REM script calls any programs, then those programs would count as a process as well.
SET PROCESSES=300
REM Change this to run against your own list!
SET LIST=%MachineList%
IF NOT EXIST %LIST% GOTO ERROR_ListNotFound
REM Change this for your program to run in its own process
SET PROGRAM=machine_updater.bat
IF NOT EXIST %PROGRAM% GOTO ERROR_ProgramNotFound
REM Get the current number of processes
FOR /F "tokens=1" %%z in ('pulist') do set /A NUM_PROGRAMS=NUM_PROGRAMS + 1
REM Create a child process for each item in the list.
REM FOR /F "skip=0 delims=" %%a in ('type "%LIST%"') DO CALL :SPAWN_PROCESS %%a
FOR /F "delims=" %%a in ('type "%LIST%"') DO CALL :SPAWN_PROCESS %%a
REM Finish
GOTO :EOF

:SPAWN_PROCESS
SET COMPUTER=%1
SET /A counter=0
FOR /F "tokens=1" %%z in ('pulist') do set /A counter=counter + 1
SET /A TOTAL=%counter% - %NUM_PROGRAMS%
REM Check to see if the number of processes has been exceeded.
IF %TOTAL% GTR %PROCESSES% (
    REM Yield processor to other programs. Then Loop.
    sleep 1
    GOTO SPAWN_PROCESS
)
REM Create a new thread (process) to be run independently.
START "%COMPUTER%" cmd /c %PROGRAM% %COMPUTER% "%COMPUTER%"
GOTO :EOF

:ERROR_ListNotFound
ECHO ERROR: The list file [%LIST%] could not be found!
PAUSE
GOTO :EOF

:ERROR_ProgramNotFound
ECHO ERROR: The program [%PROGRAM%] was not found!
PAUSE
GOTO :EOF

:GENERATEMACHINEUPDATER
ECHO @ECHO OFF>machine_updater.bat
ECHO SET ComputerToProcess=%%1 >>machine_updater.bat
ECHO ECHO Pinging %%ComputerToProcess%%...>>machine_updater.bat
ECHO ECHO.>>machine_updater.bat
ECHO SET OnlineState=OFFLINE>>machine_updater.bat
ECHO FOR /F "Skip=3 Delims=:= Tokens=2" %%%%a in ('PING %%ComputerToProcess%%') DO (>>machine_updater.bat
ECHO IF "%%%%a"==" bytes" SET OnlineState=ONLINE>>machine_updater.bat
ECHO )>>machine_updater.bat
ECHO IF NOT "%%OnlineState%%"=="ONLINE" GOTO OFFLINESTATE>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO IF %%AlternateMachineList%%==1 GOTO NAMECHECK>>machine_updater.bat
ECHO GETTYPE \\%%ComputerToProcess%%>>machine_updater.bat
ECHO SET GETTYPECODE=%%ERRORLEVEL%%>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO IF %%GETTYPECODE%%==1 SET MachineType=NT4Workstations>>machine_updater.bat
ECHO IF %%GETTYPECODE%%==2 SET MachineType=W2KWorkstations>>machine_updater.bat
ECHO IF %%GETTYPECODE%%==3 SET MachineType=NT4MemberServers>>machine_updater.bat
ECHO IF %%GETTYPECODE%%==4 SET MachineType=W2KMemberServers>>machine_updater.bat
ECHO IF %%GETTYPECODE%%==5 SET MachineType=NT4PDC>>machine_updater.bat
ECHO IF %%GETTYPECODE%%==6 SET MachineType=W2KDC>>machine_updater.bat
ECHO IF %%GETTYPECODE%%==7 SET MachineType=NT4PDC>>machine_updater.bat
ECHO IF %%GETTYPECODE%%==8 SET MachineType=NT4MemberServers>>machine_updater.bat
ECHO IF %%GETTYPECODE%% LSS 1 GOTO UNDETERMINEDMACHINETYPE>>machine_updater.bat
ECHO IF %%GETTYPECODE%% GTR 8 GOTO UNDETERMINEDMACHINETYPE>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :BEGINSORTINGMACHINETYPE>>machine_updater.bat
ECHO IF "%%MachineType%%"=="%%TargetMachineType%%" GOTO %%MachineType%%>>machine_updater.bat
ECHO IF "%%TargetMachineType%%"=="AllMemberServers" GOTO AllMemberServers>>machine_updater.bat
ECHO IF "%%TargetMachineType%%"=="AllWorkstations" GOTO AllWorkstations>>machine_updater.bat
ECHO REM At this point if the machine type does not match the target machine nor is the target machine type an all machines list type, the machine will fall to this line.>>machine_updater.bat
ECHO GOTO :EOF>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :NT4PDC>>machine_updater.bat
ECHO :W2KDC>>machine_updater.bat
ECHO GOTO NAMECHECK>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :ALLMEMBERSERVERS>>machine_updater.bat
ECHO IF "%%MachineType%%"=="NT4MemberServers" GOTO %%MachineType%%>>machine_updater.bat
ECHO IF "%%MachineType%%"=="W2KMemberServers" GOTO %%MachineType%%>>machine_updater.bat
ECHO GOTO UNDETERMINEDMACHINETYPE>>machine_updater.bat
ECHO :NT4MEMBERSERVERS>>machine_updater.bat
ECHO :W2KMEMBERSERVERS>>machine_updater.bat
ECHO GOTO NAMECHECK>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :ALLWORKSTATIONS>>machine_updater.bat
ECHO IF "%%MachineType%%"=="NT4Workstations" GOTO %%MachineType%%>>machine_updater.bat
ECHO IF "%%MachineType%%"=="W2KWorkstations" GOTO %%MachineType%%>>machine_updater.bat
ECHO GOTO UNDETERMINEDMACHINETYPE>>machine_updater.bat
ECHO :NT4WORKSTATIONS>>machine_updater.bat
ECHO :W2KWORKSTATIONS>>machine_updater.bat
ECHO GOTO NAMECHECK>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :NAMECHECK>>machine_updater.bat
ECHO IF %%RenameAdministratorAccount%%==0 GOTO CHANGEPASSWORD>>machine_updater.bat
ECHO REM Test for the existence of an account with the same name as the Target Administrator Name>>machine_updater.bat
ECHO NETUSER "%%TargetAdministratorName%%" /DOMAIN:\\%%ComputerToProcess%%>>machine_updater.bat
ECHO IF %%ERRORLEVEL%%==2221 GOTO RENAMEADMINISTRATOR ^&REM The Target Administrator Name does not exist and the account name must be changed.>>machine_updater.bat
ECHO IF %%ERRORLEVEL%%==0 GOTO CHECKANDCHANGEBYRID ^&REM The Target Administrator Name exists and the account name must be checked to see if it is the Built-in Administrator account.>>machine_updater.bat
ECHO ECHO There was an error verifying the administrator account on machine %%ComputerToProcess%%^>^>.\errorlog\errorlog.txt>>machine_updater.bat
ECHO GOTO :EOF>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :CHECKANDCHANGEBYRID>>machine_updater.bat
ECHO REM Check to see if the Target Administrator Name is already the same as the Built-in Administrator Name and if NOT, Rename the conflicting account name.>>machine_updater.bat
ECHO FOR /F "Skip=3 Delims=ID Tokens=1-3*" %%%%a IN ('"NETUSER %%TargetAdministratorName%% /DOMAIN:\\%%ComputerToProcess%% | head -n 4"') DO (>>machine_updater.bat
ECHO FOR /F %%%%f IN ('Echo %%%%b') DO (>>machine_updater.bat
ECHO IF NOT "%%%%f"=="500" CUSRMGR.EXE -u %%TargetAdministratorName%% -r %%TargetAdministratorName%%.renamed -m \\%%ComputerToProcess%%>>machine_updater.bat
ECHO )>>machine_updater.bat
ECHO )>>machine_updater.bat
ECHO :RENAMEADMINISTRATOR>>machine_updater.bat
ECHO FOR /F "Skip=1 Delims= Tokens=2*" %%%%a IN ('"NETUSER /RID:500 /DOMAIN:\\%%ComputerToProcess%% | head -n 2"') DO (>>machine_updater.bat
ECHO IF NOT "%%%%a"=="%%TargetAdministratorName%%" CUSRMGR.EXE -u "%%%%a" -r "%%TargetAdministratorName%%" -m \\%%ComputerToProcess%% >>machine_updater.bat
ECHO IF NOT "%%%%a"=="%%TargetAdministratorName%%" ECHO %%%%a^>.\oldadmin\%%ComputerToProcess%%>>machine_updater.bat
ECHO )>>machine_updater.bat
ECHO ECHO.>>machine_updater.bat
ECHO :CHECKCHANGEDRID>>machine_updater.bat
ECHO SET CheckRid= >>machine_updater.bat
ECHO REM Check to see if the Built-in Administrator Name was changed to the Target Administrator Name.>>machine_updater.bat
ECHO FOR /F "Skip=3 Delims=ID Tokens=1-3*" %%%%a IN ('"NETUSER %%TargetAdministratorName%% /DOMAIN:\\%%ComputerToProcess%% | head -n 4"') DO (>>machine_updater.bat
ECHO FOR /F %%%%f IN ('Echo %%%%b') DO (>>machine_updater.bat
ECHO IF NOT "%%%%f"=="500" SET CheckRid=FALSE>>machine_updater.bat
ECHO )>>machine_updater.bat
ECHO )>>machine_updater.bat
ECHO IF "%%CheckRid%%"=="FALSE" ECHO Name Already in Use^>.\nameinuse\%%ComputerToProcess%% ^&GOTO :EOF>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :CHANGEPASSWORD>>machine_updater.bat
ECHO IF %%TargetAdministratorPassword%%==RaNdOmû GOTO RANDOMPASSWORD>>machine_updater.bat
ECHO IF %%RenameAdministratorAccount%%==0 NETUSER /RID:500 /DOMAIN:\\%%ComputerToProcess%% /PASS:%%TargetAdministratorPassword%%>>machine_updater.bat
ECHO IF %%RenameAdministratorAccount%%==0 GOTO CHANGEPASSWORDERRORTEST>>machine_updater.bat
ECHO NETUSER %%TargetAdministratorName%% /DOMAIN:\\%%ComputerToProcess%% /PASS:%%TargetAdministratorPassword%%>>machine_updater.bat
ECHO :CHANGEPASSWORDERRORTEST>>machine_updater.bat
ECHO IF NOT "%%ERRORLEVEL%%"=="0" ECHO password_change_failure^>^>.\password_change_failure\%%ComputerToProcess%% ^&GOTO :EOF>>machine_updater.bat
ECHO GOTO COMPLETEDMACHINCESUCCESSFULLY>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :RANDOMPASSWORD>>machine_updater.bat
ECHO SET RandomPasswordSettings=/RANDOM:14 /UPPERASCII >>machine_updater.bat
ECHO IF %%LogRandomPassword%%==1 GOTO RANDOMPASSWORDLOGGED>>machine_updater.bat
ECHO IF %%RenameAdministratorAccount%%==0 NETUSER /RID:500 /DOMAIN:\\%%ComputerToProcess%% %%RandomPasswordSettings%% >>machine_updater.bat
ECHO IF %%RenameAdministratorAccount%%==0 GOTO RANDOMPASSWORDERRORTEST>>machine_updater.bat
ECHO NETUSER %%TargetAdministratorName%% /DOMAIN:\\%%ComputerToProcess%% %%RandomPasswordSettings%% >>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO GOTO RANDOMPASSWORDERRORTEST>>machine_updater.bat
ECHO :RANDOMPASSWORDLOGGED>>machine_updater.bat
ECHO IF %%LogRandomPassword%%==1 SET RandomPasswordSettings=/RANDOM:14 /UPPERASCII /ALTCODE >>machine_updater.bat
ECHO IF %%RenameAdministratorAccount%%==0 NETUSER /RID:500 /DOMAIN:\\%%ComputerToProcess%% %%RandomPasswordSettings%% ^>.\Random_Password_Logs\%%ComputerToProcess%%>>machine_updater.bat
ECHO IF %%RenameAdministratorAccount%%==0 GOTO RANDOMPASSWORDERRORTEST>>machine_updater.bat
ECHO NETUSER %%TargetAdministratorName%% /DOMAIN:\\%%ComputerToProcess%% %%RandomPasswordSettings%% ^>.\Random_Password_Logs\%%ComputerToProcess%%>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :RANDOMPASSWORDERRORTEST>>machine_updater.bat
ECHO IF NOT "%%ERRORLEVEL%%"=="0" ECHO password_change_failure^>^>.\password_change_failure\%%ComputerToProcess%% ^&GOTO :EOF>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :COMPLETEDMACHINCESUCCESSFULLY>>machine_updater.bat
ECHO ECHO %%ComputerToProcess%% ^> .\completed\%%ComputerToProcess%%>>machine_updater.bat
ECHO GOTO :EOF>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :UNDETERMINEDMACHINETYPE>>machine_updater.bat
ECHO IF "%%MachineType%%"=="NT4Workstations" GOTO :EOF>>machine_updater.bat
ECHO IF "%%MachineType%%"=="W2KWorkstations" GOTO :EOF>>machine_updater.bat
ECHO IF "%%MachineType%%"=="NT4MemberServers" GOTO :EOF>>machine_updater.bat
ECHO IF "%%MachineType%%"=="W2KMemberServers" GOTO :EOF>>machine_updater.bat
ECHO IF "%%MachineType%%"=="NT4PDC" GOTO :EOF>>machine_updater.bat
ECHO IF "%%MachineType%%"=="W2KDC" GOTO :EOF>>machine_updater.bat
ECHO ECHO %%ComputerToProcess%% ^> .\undetermined\%%1>>machine_updater.bat
ECHO GOTO :EOF>>machine_updater.bat
ECHO. >>machine_updater.bat
ECHO :OFFLINESTATE>>machine_updater.bat
ECHO ECHO %%ComputerToProcess%% ^>.\offline\%%ComputerToProcess%%>>machine_updater.bat
ECHO GOTO :EOF>>machine_updater.bat
GOTO :EOF

:OSERROREND
ECHO This script is only for NT4 and above systems.
GOTO VERYBOTTOM

:END
ECHO.
ECHO.
CHOICE "Do you want to view the log file now "
IF %ERRORLEVEL%==1 START NOTEPAD.EXE %LOGFILENAME%

:CRONSTAMP2
FOR /F "Delims=- Tokens=1-2" %%a in ('ECHO %StartTime%') DO ECHO StartTime was %%a:%%b
FOR /F "Delims= Tokens=1*" %%a in ('TIME /T') DO ECHO Finish Time was%%a
ECHO.
ECHO.
ECHO FINISHED PROCESSING ALL MACHINES IN THE WORKING LIST.
ECHO YOU MAY CLOSE THIS WINDOW NOW.
PAUSE
GOTO VERYBOTTOM
REM List of thing to finish or fix.
REM Replace the CUSRMGR.EXE with the updated NETUSER.EXE
REM Replace the GETTYPE.EXE with the updated SERVERINF.EXE

:VERYBOTTOM
ENDLOCAL
```
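The script above writes the distributed password in clear text to working_session_settings.txt and to the run log, both as a `TargetAdministratorPassword:` line and under the `[Random Password Logs]` section. The following Python audit is an added example, not part of the original tip or of the script's authors' code: it flags and redacts those entries in files left behind by a run. The sample file contents are constructed and the layout of the random-password log lines is an assumption; only the key name, the section header and the `RaNdOm` placeholder are taken from the script.

```python
from typing import List, NamedTuple, Optional

# Names taken from the batch script: the key it writes to both files, the log
# section that receives per-machine random passwords, and its "random" placeholder.
PASSWORD_KEY = "TargetAdministratorPassword"
RANDOM_SECTION = "[Random Password Logs]"
# The placeholder's 7th character is codepage-dependent, so match prefix + length.
SENTINEL_PREFIX, SENTINEL_LEN = "RaNdOm", 7


class Finding(NamedTuple):
    source: str
    line_no: int
    kind: str  # "distributed-password" or "random-password-log"


def _stored_password(line: str) -> Optional[str]:
    """Return the value of a PASSWORD_KEY line, or None for any other line."""
    key, sep, value = line.partition(":")  # first colon only: passwords may contain ':'
    if not sep or key.strip() != PASSWORD_KEY:
        return None
    return value.strip()


def _is_placeholder(value: str) -> bool:
    return value.startswith(SENTINEL_PREFIX) and len(value) == SENTINEL_LEN


def audit(source: str, text: str) -> List[Finding]:
    """List every line of a settings or log file that holds a usable password."""
    findings: List[Finding] = []
    in_random_section = False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()  # the script's ECHO lines leave trailing spaces
        if line.startswith("[") and line.endswith("]"):
            in_random_section = line == RANDOM_SECTION
            continue
        if in_random_section:
            if line:  # any non-blank line in this section is treated as a secret
                findings.append(Finding(source, line_no, "random-password-log"))
            continue
        value = _stored_password(line)
        if value and not _is_placeholder(value):
            findings.append(Finding(source, line_no, "distributed-password"))
    return findings


def redact(text: str) -> str:
    """Return the file content with every flagged value replaced."""
    flagged = {f.line_no: f.kind for f in audit("", text)}
    out = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        kind = flagged.get(line_no)
        if kind == "distributed-password":
            out.append(PASSWORD_KEY + ":<redacted>")
        elif kind == "random-password-log":
            out.append("<redacted>")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


# Constructed sample contents (not real output); random-log line layout is assumed.
SAMPLE_SETTINGS = (
    "TargetDomain:EXAMPLEDOM\n"
    "TargetMachineType:AllWorkstations\n"
    "TargetAdministratorName:locadmin\n"
    "PasswordIsHidden:1\n"
    "TargetAdministratorPassword:S4mple:Pass!\n"
)
SAMPLE_LOG = (
    "[Session Settings] \n"
    "TargetDomain:EXAMPLEDOM \n"
    "PasswordIsHidden:0 \n"
    "LogRandomPassword:1 \n"
    "TargetAdministratorPassword:RaNdOm\u00fb  \n"
    "\n"
    "[Machines Completed successfully]\n"
    "WKS001\n"
    "WKS002\n"
    "\n"
    "[Random Password Logs]\n"
    "WKS001 locadmin constructed-value-1\n"
    "WKS002 locadmin constructed-value-2\n"
)

if __name__ == "__main__":
    for name, content in (("working_session_settings.txt", SAMPLE_SETTINGS),
                          ("PASSWORD_CHANGE_LOGFILE (sample)", SAMPLE_LOG)):
        for finding in audit(name, content):
            print(f"{finding.source}:{finding.line_no}: {finding.kind}")
```

Because the same password is pushed to every machine in the list, a single surviving settings or log file exposes the local Administrator account on all of them, so these files should be redacted or removed once the run has been verified.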