Local Administrator password rename and change

This topic contains 4 replies, has 4 voices, and was last updated by Profile photo of Mark Mark 1 year, 5 months ago.

  • Author
    Posts
  • #31329
    Profile photo of vcloudguy
    vcloudguy
    Participant

    I am trying to run the powershell code below to rename the local administrator username and then set a password.

    The scipt runs successfully but is unable to rename the Administrator account or set the password. It just returns the error message from the code below

    Error Renaming Administrator Account on TestMachine2008
    Error When Setting Password TestMachine2008

    What am I doing wrong?

    $securePW = Read-Host -assecurestring "Please Enter The New Local Admin Password"
    $tempCred = New-Object System.Management.Automation.PSCredential("Temp",$securePW)
    $newcred = $tempCred.GetNetworkCredential()
    $userPW = $newcred.Password.ToString()
    $computers = @("TestMachine2008")

    foreach($computer in $computers) {
    if (test-connection -computername $computer -quiet) {
    try {
    $WinNTPath = "WinNT://" + $computer + "/Administrator,User"
    $localAdmin = [ADSI]$WinNTPath
    try {
    $localAdmin.psbase.rename("SuperAdmin")
    Write-Host "Successfully Renamed Administrator Account on " $computer
    }
    catch {
    Write-Host "Error Renaming Administrator Account on " $computer
    }
    $localAdmin.setpassword($userPW)
    Write-Host "Successfully Set Password on " $computer
    }
    catch {
    Write-Host "Error When Setting Password " $computer
    }
    }
    else {
    Write-Host "Ping Failed to" $computer
    }
    }

  • #31347
    Profile photo of Christian Sandfeld
    Christian Sandfeld
    Participant

    My best guess would be that what you are trying to do, require elevated priviledges, and you are not running PowerShell as admininstrator. However it is impossible to know the cause of the error, from what you have provided above. In the code you have posted, you are effectively hiding the real error messages in your Try/Catch blocks.

  • #31352
    Profile photo of Mark
    Mark
    Participant

    Try commenting out the Try & Catch statements.

    Run the script and you should error out with enough details to identify and troubleshoot the error.

  • #31394
    Profile photo of Mike Eyler
    Mike Eyler
    Participant

    Use a GPO 🙂

  • #31411
    Profile photo of Mark
    Mark
    Participant

    Microsoft has phased out/disabled the ability to set local account passwords via GPO. Apparently, the method used to store passwords in the Preferences of a GPO is not secure.

    There's a security bulletin MS14-025 for it.
    https://support.microsoft.com/en-us/kb/2962486

    There are some workarounds in the article which may be of help.
    .

You must be logged in to reply to this topic.