This script does a lot in one fowl swoop.
1. It creates a new local user on the machine, unless the user already exists of course
2. Renames the local 'Administrator' account to another name
3. Changes the renamed 'Administrator' account's password
4. Creates a file in 'c:\windows' so the script won't run on the next startup
5. Adds a domain group to a local computer group
You can change the names/passwords accordingly. I put the things that need to be changed in italics. It works well in a .vbs script and used as a startup GPO to deploy it. The script will check for the file it created in c:\windows, if it doesn't find it, it won't run.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists("C:\Windows\accountchanged.txt") Then
WScript.Quit
End if
If objFSO.FileExists("C:\winnt\system.ini") Then
WScript.Quit
End if
' Get's the computer name
set objNetwork=createobject("wscript.network")
strComputer=objNetwork.computername
'Loads the administrators group
set objGroup=GetObject("WinNT://" & strComputer & "/Administrators,group")
' Run the Load method
Load
' Encapsulates the processing of this script
Sub Load()
' Create the local user
CreateUser "Username","Password","Administrators", "Local admin account"
' MsgBox "Complete!"
End Sub
' Create the local user
Sub CreateUser(userName, password, group, description)
' Check to see if the user exists; if so, then skip
If NOT CheckIfUserExists(userName) Then
Set objComputer = GetObject("WinNT://" & strComputer & "")
Set objUser = objComputer.Create("user", userName)
objUser.SetPassword password
objUser.FullName = userName
objUser.Description = description
objUser.Put "UserFlags", 65600 ' Sets Password Never Expires to TRUE
' and sets User Can't Change Password to TRUE
objUser.SetInfo
objGroup.Add(objUser.ADsPath)
Else
' MsgBox userName & " already exists!"
End If
End Sub
' Check to see if user exists
Function CheckIfUserExists(userName)
Set objComputer = GetObject("WinNT://" & strComputer & "")
objComputer.Filter = Array("user")
intFound = 0
For Each User In objComputer
If lcase(User.Name) = lcase(userName) Then
intFound = 1
End If
Next
If intFound = 1 Then
CheckIfUserExists = True
Else
CheckIfUserExists = False
End If
End Function
'Rename Administrator account to admn..1
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colAccounts = objWMIService.ExecQuery _
("Select * From Win32_UserAccount Where LocalAccount = True And Name = 'Administrator'")
For Each objAccount in colAccounts
objAccount.Rename "username"
Next
' Change adm..1 password
Set objUser = GetObject("WinNT://" & strComputer & "/username,user")
objUser.SetPassword "password"
objUser.SetInfo
' Add wksadmin to local Administrators group
set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objGroup1 = GetObject("WinNT://domain/domain group")
if not objAdmins.ismember(objGroup1.adspath) then
objAdmins.add objGroup1.adspath
end if
' Create check file
Set objOutFile = objFSO.OpenTextFile("C:\Windows\accountchanged.txt", 8, True)
objOutFile.WriteLine("Completed " & Date)
objOutFile.Close
New places – same old struggles
7 years ago
No comments:
Post a Comment