Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Change Remote Local Admin's Password

Hey,

so here we have 2 parts:

1-Save an encrypted Password in a file to use later.

2-Change Remote Local Admin Password with PDQ.

Let's start.

 

1-Save an encrypted Password in a file to use later.

Here we talk about 2 files:

"ChangePassword.ps1" & "Required.txt"

Create "ChangePassword.ps1" somewhere with :

$key = (1..16) 
#Ask for the password, secure and save it for later
$securepass = Read-Host -AsSecureString -Prompt "Veuillez entrer le mot de passe du compte utilise" | ConvertFrom-SecureString -Key $Key
#Path to the file
$encrypted = $securepass | Out-File -FilePath '\\**UNCPATH**\Required.txt'

Adjust "**UNCPATH**" on the last line, usually "Required.txt" is in the same directory than "ChangePassword.ps1".

Then run "ChangePassword.ps1", enter the Local Admin's Password you want for your remote computer.

Now the password is safe, go to PDQ.

 

2-Change Remote Local Admin Password with PDQ.

 

Screenshots:

Output :

 

Code :

Adjust "**UNCPATH**" to "Required.txt"

Change "$Username = Administrateur" to ""$Username = Administrator" if needed.

And translate comments from French.

Set-StrictMode -version Latest

#Set Error Action to Silently Continue
$ErrorActionPreference = "SilentlyContinue"
$scriptFile = "Changement Mot de Passe Administrateur"

#----------------------------------------------------------[Declarations]----------------------------------------------------------

$scriptName = [System.IO.Path]::GetFileName($scriptFile)
$scriptVersion = "0.1"

$ComputerName = $env:COMPUTERNAME
$Computer = [ADSI] "WinNT://$ComputerName,Computer"
#$DecodedPassword = ""

#Insert an Encrypted Password
$encrypted = Get-Content -Path '\\**UNCPATH**\Required.txt'
$key = (1..16)
$Username = "Administrateur"
$Password = $encrypted | ConvertTo-SecureString -Key $key
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username , $Password
$BSTR = `
[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
$DecodedPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)


#-----------------------------------------------------------[Execution]------------------------------------------------------------
Write-Host "======================================================="
Write-Host {}{}{}{}{}{}{}{}{}{}{}{}"$scriptName"
Write-Host "======================================================="


#Get local admin account name
Write-Progress -Activity "Obtention du nom d'utilisateur de l'Admin Local..." -status "Running..." -id 1
foreach ( $childObject in $Computer.Children ) {
# Skip objects that are not users.
if ( $childObject.Class -ne "User" ) {
continue
}
$type = "System.Security.Principal.SecurityIdentifier"
# BEGIN CALLOUT A
$childObjectSID = new-object $type($childObject.objectSid[0],0)
# END CALLOUT A
if ( $childObjectSID.Value.EndsWith("-500") ) {
$LocalAdminAccount = $($childObject.Name[0])
break
}
}

#Show local Admin account
Write-Progress -Activity "Show local Admin account" -status "En Cours..." -id 1 -Verbose
Write-Host -ForegroundColor Green "Compte Admin Local: $LocalAdminAccount"

#Define new password to local Admin account
Write-Progress -Activity "Definition d'un nouveau mot de passe pour le compte Admin Local" -status "En Cours..." -id 1 -Verbose
$Computer
$User = [adsi]"WinNT://$ComputerName/$LocalAdminAccount,user"
$User.SetPassword($DecodedPassword)
$User.SetInfo()
Write-Host -ForegroundColor Green "Password correctement modifie !"

 

 

To recap :

Create and run "ChangePassword.ps1" and adjust "**UNCPATH**" to a directory to create "Required.txt".

Copy the tool's code to PDQ and adjust "**UNCPATH**" to "Required.txt"

Change "$Username = Administrateur" to ""$Username = Administrator" if needed.

Run the tool.

 

Enjoy !

 

3

Comments

1 comment
Date Votes
  • I suggest LAPS as a better mechanism overall

    1