Hi, Check out my utility chwinpw at http://itefix.no/chwinpw :
Chwinpw is a small command line utility that can securely change passwords on remote/local windows machines. By periodic password maintenance of your vital accounts, chwinpw can help you to enforce a higher degree of security in your environment. Chwinpw supports also service accounts. Chwinpw can be run from a logon script or from a central location. It is also possible to instruct chwinpw to make bulk changes. Rgrds Tev > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: 1. desember 2005 18:39 > To: [EMAIL PROTECTED]; [email protected] > Subject: RE: Changing local admin PW using vb logon script - > can it be encrypted? > > I have used a similar method in the past at other locations. > > One of the easier ways is to run this vbscript on an > administrators machine, against all of the computers you want > to change the password on, rather than having the individual > machines run the script. If you create an HTA to use your > vbscript and have two input boxes that give the username and > password that you are changing to the script as you run it, > then accessing files with a saved username and password > doesn't happen. > > -Frank > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 01, 2005 11:03 AM > To: [email protected] > Subject: Changing local admin PW using vb logon script - can > it be encrypted? > > Hi all, > > Long time lurker, first time poster. We have roughly 500 > computers that we'd like to change the local admin passwords > on. We realize the security risks of having 1 password on > all of our computers and are willing to assume that risk. > We've developed a VB script that we can implement as a logon > script that works perfectly to change the password. We do > not want this script sent along as clear text if we can avoid > it. Is there any way we can encrypt this script? > > We've looked at options such as using Windows permissions to > either deny Domain Users access (preventing anyone from > reading the script) or allowing only Domain Computers Read > Only access...however I think that if you are logged into a > local computer you should be able to read the script. Not to > mention, if you could capture the packets, you could easily > find the script and its contents so permissions would matter > at all in that scenario. > > Any help and/or insight is greatly appreciated. > > Best, > ...tom > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
