-
Notifications
You must be signed in to change notification settings - Fork 59
/
Copy pathReplace-LocalAdminPassword.ps1
80 lines (60 loc) · 2.54 KB
/
Replace-LocalAdminPassword.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#requires -version 2
<#
.SYNOPSIS
Replace password of local admin account
.DESCRIPTION
Get local account (user object) with $childObjectSID ends with "-500" (Admin account) then replace password
.INPUTS
<None>
.OUTPUTS
<None>
.NOTES
Version: 0.1
Author: ALBERT Jean-Marc
Creation Date: 29/04/2016 (DD/MM/YYYY)
Purpose/Change: 1.0 - 2016.04.29 - ALBERT Jean-Marc - Initial script development
.SOURCES
<None>
.EXAMPLE
<None>
#>
#---------------------------------------------------------[Initialisations]--------------------------------------------------------
Set-StrictMode -version Latest
#Set Error Action to Silently Continue
$ErrorActionPreference = "SilentlyContinue"
#----------------------------------------------------------[Declarations]----------------------------------------------------------
$scriptName = [System.IO.Path]::GetFileName($scriptFile)
$scriptVersion = "0.1"
$ComputerName = $env:COMPUTERNAME
$Computer = [ADSI] "WinNT://$ComputerName,Computer"
$DecodedPassword = "Str0n6P@ssw0rd!!"
#-----------------------------------------------------------[Execution]------------------------------------------------------------
Write-Host "======================================================="
Write-Host {}{}{}{}{}{}{}{}{}{}{}{}"$scriptName"
Write-Host "======================================================="
#Get local admin account name
Write-Progress -Activity "Get local admin account name" -status "Running..." -id 1
foreach ( $childObject in $Computer.Children ) {
# Skip objects that are not users.
if ( $childObject.Class -ne "User" ) {
continue
}
$type = "System.Security.Principal.SecurityIdentifier"
# BEGIN CALLOUT A
$childObjectSID = new-object $type($childObject.objectSid[0],0)
# END CALLOUT A
if ( $childObjectSID.Value.EndsWith("-500") ) {
$LocalAdminAccount = $($childObject.Name[0])
break
}
}
#Show local Admin account
Write-Progress -Activity "Show local Admin account" -status "Running..." -id 1
Write-Host -ForegroundColor Green "Local user account: $LocalAdminAccount"
#Define new password to local Admin account
Write-Progress -Activity "Define new password to local Admin account" -status "Running..." -id 1
$Computer
$User = [adsi]"WinNT://$ComputerName/$LocalAdminAccount,user"
$User.SetPassword($DecodedPassword)
$User.SetInfo()
Write-Host -ForegroundColor Green "Password changed successfully"