Trilight Zone

[digital8]

By: Michael Mott
Posted On: 4/15/2005

Here is a utility that we beat out of one of our summer interns a few years back. It’s a compiled exe that allows you to take a list of machine names from a text file, and run a password changer for the local admin account. The beauty of this tool is, it will run until completion, meaning it will create a list of missed machines and machines your account does not have access and supply you with a running percentage complete.

The issue with changing a local admin password is you miss machines that are not currently on, this tool gets around that by creating a missed machine text file and hitting that list till it either completes, or you kill the job. The screen shots below give you a bit of an idea how the tool works. First, launch the application ‘Local Security Utility.exe’ and fill in the information prompts:

1. Enter the account name = The local admin account you want to change.
2. Enter the new Password = uh, hello? That’s a statement not the answer.
3. Enter in a comment (Usually: Name, Date) = I put my name and the date. You will see why later but this is so you can track who did what when.
4. Enter the text filename (Machine Names) = Create a text file of the machines to change. I usually pull this from SMS, but you could use hyena or any other method of dumping machine names.

So now after launching the utility, here is the start screen with my info:





As you can see the utility read the text file and displays the number of machines in the list. And here we get a perfect example that the account we want to change isn’t even an admin on the machine!





Now we see the utility kicking in and using cusrmgr.exe to change the password! The ‘could not connect’ message means the machine is not on at the time, so hence we cant change the password, but it will get dropped into a miss.txt file that the utility will then read from, and continue running until all machines are changed:





The whole time the utility runs, it drops a tracker to the task bar, where you can see what percentage of machines have been hit and changed:





And about 10 minutes later….





You could leave this run for days, but you have to decide what’s the percentage to you, that signals the most coverage or change. To kill the utility window just close or ctrl-c to stop the application. Below will is the missed text file, which you can use as a guide on who to target next time, or as an affirmation of who was missed.





I have used this tool to change the local admin password 3 times at our site, and it has done the job flawless each time. Earlier I mentioned adding a name or date to your comments field. The reason for this, is so you can see in local users and groups MMC who made changes and when:





So to recap, there are a few things you will need to do to get this to work, the attached utility and something from the resource named cusrmgr.exe. I looked to see if this utility was available free for download, but its not, and its to late to re-engineer the code at this time. If you do have this resource kit tool, create a folder and drop both exes into one folder. You must have an account with access to change the local admin password on your desktops, so if you’re a domain admin or know someone who is, follow the directions above and get to changing that local admin password.

Download script:
10601Local Security Utility.zip - http://myitforum.techtarget.com/inc/arts/10601Local%20Security%20Utility.zip