Local Admin Password in workgroup

This topic contains 12 replies, has 4 voices, and was last updated by Profile photo of Tim Pringle Tim Pringle 1 year, 12 months ago.

  • Author
    Posts
  • #21110
    Profile photo of subodh uniyal
    subodh uniyal
    Participant

    Hello Guys,

    I was working on a script to reset password of local admin in workgroup computers. I have more than 500 computers.

    I created below code to automate this task, but somehow it is not working. When I am using single computer name in this same script it works.

    In error sometime it says “Exception calling "Invoke" with "2" argument(s): "The specified local group does not exist.” OR “Exception calling "Invoke" with "2" argument(s): "The network path was not found.”
    The List.txt file contains below lines and there is no space
    PC1
    PC2

    I can ping/resolve/browse these PCs.

    Could someone please suggest me on this.

    Admin.txt file attached.

  • #21112
    Profile photo of tommymaynard
    tommymaynard
    Member

    I didn't spend much time looking this over, but you need double quotes around "$Computer\$UserID" on the line where you assign it to $AdminAccount. Take a look at my example.

    PS C:\> $a = 'It is finally'
    PS C:\> $b = 'Friday!'
    PS C:\> $c = '$a $b'
    PS C:\> $c
    $a $b
    PS C:\> $c = "$a $b"
    PS C:\> $c
    It is finally Friday!
    PS C:\>
    
    
  • #21114
    Profile photo of subodh uniyal
    subodh uniyal
    Participant

    Thanks !

    I tried but same problem.

    Exception calling "Invoke" with "2" argument(s): "The network path was not found.”

    Please help me.

  • #21115
    Profile photo of subodh uniyal
    subodh uniyal
    Participant

    I don't know where I am lacking but I spent lot of time to debug this but no luck.

  • #21119
    Profile photo of Tim Pringle
    Tim Pringle
    Participant

    Maybe not much help, but my personal preference for this type of task is to use Invoke-Expression to execute the code on the remote system. It lessens complexity, and also has the benefit that you can do your password reset operations simply with Net Use, which is infinitely easier.

  • #21120
    Profile photo of subodh uniyal
    subodh uniyal
    Participant

    It seems the error is with below command

    $user = New-Object System.DirectoryServices.DirectoryEntry("WinNT://$Computer/$UserID",$AdminAccount,$AdminPassword)

    running only $User gives me same error.

  • #21121
    Profile photo of Michael Orellana
    Michael Orellana
    Participant
    New-Object System.DirectoryServices.DirectoryEntry("WinNT://$Computer/Administrator",$AdminAccount,$AdminPassword

    If the username remains a constant, try throwing 'Administrator' into the path like the example above. I had a similar issue yesterday where the path did not accept the username stored in a variable.

  • #21122
    Profile photo of subodh uniyal
    subodh uniyal
    Participant

    Thanks Tim !

    Invoke-Expression, Invoke-Command need extra settings on remote computer to run commands using PowerShell which I cannot configure, that's why I am using this method.

  • #21123
    Profile photo of tommymaynard
    tommymaynard
    Member

    $AdminPassword and $NewPassword are both secure (System.Security.SecureString). Perhaps you need to use $pwd1_text (or, $pwd2_text) in place of $NewPassword, and $pwd11_text (or, $pwd12_text) in place of $AdminPassword.

  • #21124
    Profile photo of subodh uniyal
    subodh uniyal
    Participant

    Hi Michael,

    I tried this also but same error.

  • #21125
    Profile photo of subodh uniyal
    subodh uniyal
    Participant

    Thanks a lot Tom !!!!

    That was the problem, I used clear txt password and it worked. But I don't want to send clear txt password over network, any workaround so that I can send secure txt. Please suggest.

  • #21126
    Profile photo of tommymaynard
    tommymaynard
    Member

    Someone more knowledgeable may need to step in to properly answer the password/clear text portion of this thread. I considered it may send those passwords in the clear, but also suspected it was the problem and so I shared it. It's simply unfortunate you can't use PSRemoting and Invoke-Command. It's secure by default and eliminates these old concerns of sending clear text over the wire. PSRemoting uses encryption by default. In fact, most ways to secure PSRemoting are to secure things that aren't PSRemoting – blocking the ports used at the border firewall, using non-Internet routeable IP space.

  • #21127
    Profile photo of Tim Pringle
    Tim Pringle
    Participant

    Thing you're going to have a couple of problems. First difficulty is going to lie in that the actual constructor for DirectoryEntry takes as input values of type string, not secure string. Second is that (from what i can recall) a secure string is only valid using the account in use when it was generated AND only on the system it was created on. i.e. It's not going to be shippable.

    BTW are the credential delegation and other winrm applicable settings not changeable on the target machines because of your security policy? If it's just from an implementation challenge point of view, I'm thinking you might be able to go down the psexec route for configuring the systems to have WinRM and CredSSP enabled as required.....

You must be logged in to reply to this topic.