Local Admin password change and K1000
I have a silly question. I need to change our local Administrator password for all of our machines and wanted to know if I need to change anything in KACE. I know my predecessor tried to change it, and KACE would no longer work with Local System selected and no scripts would run until the old password was re-added to the machines. He claimed that the # symbol was the problem. I think he was nuts, but I could be wrong and he is gone...lol
Does KACE have the admin passwords hard coded on the server for Local Systems? If so, where, and are there symbol/password length issues? If I were to guess, the admin accounts on user machines would need to be changed first, then KACE should pick up that change.
Answers (4)
If you do have user accounts/passwords saved in KACE, they would be under Settings > Credentials. Check there and update accounts as needed. These are only used when you have a script or other process call for a saved credential run.
To change the local workstation password via KACE, we use a KACE script command with a VBS script to change local admin passwords. It works well (when run as local system and as an online script), but we have had issues with some passwords not changing because of specific characters in them (mostly on Windows 7 PCs).
Here is the script we use: (you will need to change 3 items for username/password).
Set oShell = CreateObject("WScript.Shell")
Const SUCCESS = 0
sUser = "LOCALADMINUSER"
sPwd = "NEWPASSWORD"
' get the local computername with WScript.Network,
' or set sComputerName to a remote computer
Set oWshNet = CreateObject("WScript.Network")
sComputerName = oWshNet.ComputerName
Set oUser = GetObject("WinNT://" & sComputerName & "/" & sUser)
' Set the password
oUser.SetPassword sPwd
oUser.Setinfo
oShell.LogEvent SUCCESS, "LOCALADMIN password was changed!"
In my K2000 I use an account "LocalAdmin" to do my scripted installs. When the deployment completes I no longer needed the account, so I would reset the password to a random 20-character password and take the account out of the local admin group. Below is the script to do this.
---------------------------------------------------
@Echo Off
Setlocal EnableDelayedExpansion
Set _RNDLength=20
Set _Alphanumeric=ABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%[]()~-_,^:?/\0123456789abcdefghijklmnopqrstuvwxyz
Set _Str=%_Alphanumeric%987654321
:_LenLoop
IF NOT "%_Str:~18%"=="" SET _Str=%_Str:~9%& SET /A _Len+=9& GOTO :_LenLoop
SET _tmp=%_Str:~9,1%
SET /A _Len=_Len+_tmp
Set _count=0
SET _RndAlphaNum=
:_loop
Set /a _count+=1
SET _RND=%Random%
Set /A _RND=_RND%%%_Len%
SET _RndAlphaNum=!_RndAlphaNum!!_Alphanumeric:~%_RND%,1!
If !_count! lss %_RNDLength% goto _loop
net user localadmin !_RndAlphaNum!
net localgroup Administrators localadmin /delete
---------------------------------------------------
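The same reset-and-demote step as the batch script above, written in PowerShell as an added example (not part of the original answers). It draws the 20 characters from a cryptographic random number generator instead of %RANDOM% and hands the password to the account API as a SecureString, so special characters never pass through command-line parsing. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, an elevated session, and the account name localadmin from the post; the function name New-RandomSecurePassword is hypothetical.

```powershell
# Added example: reset a deployment account to a random password and
# remove it from the local Administrators group.
# Assumptions: account name 'localadmin' (from the post), PowerShell 5.1+, elevated session.
$Account  = 'localadmin'
$Length   = 20
# Same character set as the batch script; single quotes keep every symbol literal.
$Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%[]()~-_,^:?/\0123456789abcdefghijklmnopqrstuvwxyz'

function New-RandomSecurePassword {
    param(
        [int]$Length,
        [string]$Alphabet
    )
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $secure = New-Object System.Security.SecureString
    $byte   = New-Object byte[] 1
    # Largest multiple of the alphabet size that fits in one byte. Values at or
    # above it are discarded so every character is equally likely (no modulo bias).
    $limit  = 256 - (256 % $Alphabet.Length)
    try {
        while ($secure.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) {
                # Append straight into the SecureString; no plaintext copy is built.
                $secure.AppendChar($Alphabet[$byte[0] % $Alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $secure.MakeReadOnly()
    return $secure
}

$password = New-RandomSecurePassword -Length $Length -Alphabet $Alphabet

# Stop on the first failure so the account is never demoted with its old password intact.
Set-LocalUser -Name $Account -Password $password -ErrorAction Stop
Remove-LocalGroupMember -Group 'Administrators' -Member $Account -ErrorAction Stop
```

The generated password is never written to disk or the console, so the account is unusable until an administrator resets it again.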