I have used a similar method in the past at other locations.
One of the easier ways is to run this vbscript on an administrators machine,
against all of the computers you want to change the password on, rather than
having the individual machines run the script. If you create an HTA to use
your vbscript and have two input boxes that give the username and password
that you are changing to the script as you run it, then accessing files with
a saved username and password doesn't happen.
-Frank
-----Original Message-----
From: tth8@cornell.edu [mailto:tth8@cornell.edu]
Sent: Thursday, December 01, 2005 11:03 AM
To: focus-ms@securityfocus.com
Subject: Changing local admin PW using vb logon script - can it be
encrypted?
Hi all,
Long time lurker, first time poster. We have roughly 500 computers that
we'd like to change the local admin passwords on. We realize the security
risks of having 1 password on all of our computers and are willing to assume
that risk. We've developed a VB script that we can implement as a logon
script that works perfectly to change the password. We do not want this
script sent along as clear text if we can avoid it. Is there any way we can
encrypt this script?
We've looked at options such as using Windows permissions to either deny
Domain Users access (preventing anyone from reading the script) or allowing
only Domain Computers Read Only access...however I think that if you are
logged into a local computer you should be able to read the script. Not to
mention, if you could capture the packets, you could easily find the script
and its contents so permissions would matter at all in that scenario.
Any help and/or insight is greatly appreciated.
Best,
...tom
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
