Change-LocalAdminPassword.ps1

1. <#
2. SCRIPT NAME:    Change-LocalAdminPassword.ps1
3. AUTHORED BY:    Sitaram Pamarthi (https://4sysops.com/archives/change-the-local-administrator-password-on-multiple-computers-with-powershell/)
4. ADAPTED BY:     Kismet Agbasi
5. DATE ADAPTED:   02/05/2019
6. VERSION:        1.0
7.  
8.  
9. WHAT THIS SCRIPT DOES:
10. This is a PowerShell script that takes simple input and will allow a System Administrator (SA) to automate the otherwise mundane and tedious
11. task of Local Administrator Account Password Management.  Reading from a text file, this script will change the password of the specified
12. account on multiple remote computers.
13.  
14. Here's how the original script author puts it:
15.  
16.     .Synopsis
17.         Change local administrator password on list of computers given in a text file.
18.        
19.     .Description
20.         This script picks up the computer names from given input file and changes the local administrator password.
21.  
22.     .Parameter InputFile    
23.         The full path of the text file name where computer account names are stored. Ex: C:\temp\computers.txt
24.        
25.     .Example
26.         Update-LocalAdministratorPassword.ps1 -InputFile c:\temp\Computers.txt
27.        
28.         This prompts you for the password for two times and updates the local administrator password on all computers to that.
29.        
30.     .Example
31.         Update-LocalAdministratorPassword.ps1 -InputFile c:\temp\Computers.txt -Verbose
32.        
33.         This tells you what exactly happening at every stage of the script.
34.  
35. #>
36.  
37. #BEGIN SCRIPT
38.  
39. #Let's define and parametize the variables for the input file and output directory.
40. [cmdletbinding()]
41. param (
42. [parameter(mandatory = $true)]
43.     $InputFile,
44.     $OutputDirectory
45. )
46.  
47. # Let's declare our global variables
48. $ScriptStartDate = $(Get-Date)
49. $MailCred = Import-Clixml .\SecurePasswd-Gmail.clixml
50. [System.Collections.ArrayList]$ReportObject = @() #An array to hold the output as we interate through each computer
51.  
52. # Let's define default values for the Send-MailMessage object
53. $PSDefaultParameterValues.Add("Send-MailMessage:From","Sender <sender@gmail.com>")
54. $PSDefaultParameterValues.Add("Send-MailMessage:To","Recipient <Recipient@Outlook.com>")
55. $PSDefaultParameterValues.Add("Send-MailMessage:Subject","TEST - Local Account Password Maintenance Task Report")
56. $PSDefaultParameterValues.Add("Send-MailMessage:Priority","High")
57. $PSDefaultParameterValues.Add("Send-MailMessage:SmtpServer","smtp.gmail.com")
58. $PSDefaultParameterValues.Add("Send-MailMessage:Port","587")
59. $PSDefaultParameterValues.Add("Send-MailMessage:UseSsl",$true)
60. $PSDefaultParameterValues.Add("Send-MailMessage:Credential",$MailCred)
61.  
62. #Let's grab the current working directory and set that as the Output Directory, in to which
63. #we will place the "Failed-Computers.txt" log file.
64. If(!$OutputDirectory) {
65.     $OutputDirectory = (Get-Item $InputFile).DirectoryName
66. }  
67. $FailedComputers = Join-Path $OutputDirectory "Failed-Computers.txt"
68. $Stream = [System.IO.StreamWriter] $FailedComputers
69. $Stream.Writeline("ComputerName `t IsOnline `t PasswordChangeStatus")
70. $Stream.Writeline("____________ `t ________ `t ____________________")
71.  
72. #Let's capture the target user account and new password we need to set
73. Do {
74.     $TargetAccount = Read-Host "Please enter the target user account name"
75.  }Until ( $TargetAccount -ne "" )
76.  
77. Do {
78.     $Password = Read-Host "Please enter the new password for $TargetAccount" -AsSecureString
79.     $ConfirmPassword = Read-Host "Please confirm the new password" -AsSecureString
80.  
81.     $Pwd1_Text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password))
82.     $Pwd2_Text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($ConfirmPassword))
83. } While ($Pwd1_Text -ne $Pwd2_Text)
84.  
85. <#If($Pwd1_Text -ne $Pwd2_Text) {
86.     Write-Error "The entered passwords do not match. Script is exiting!"
87.     $Stream.Close()
88.     Exit
89. }#>
90.  
91. If(!(Test-Path $InputFile)) {
92.     Write-Error "The Input File {($InputFile)} was not found. Script is exiting!"
93.     $Stream.Close()
94.     Exit
95. }
96.  
97. #Now that we have the password to set, let's get a list of target computers.
98. $Computers = Get-Content -Path $InputFile
99.  
100. #Now let's loop through each computer and change the specified account password.
101. ForEach ($Computer in $Computers) {
102.  
103.     $Computer   =   $Computer.ToUpper()
104.     $IsOnline   =   "OFFLINE"
105.     $Status     =   "SUCCESS"
106.  
107.     Write-Verbose "Working on $Computer"
108.     If((Test-Connection -ComputerName $Computer -count 1 -ErrorAction 0)) {
109.         $IsOnline = "ONLINE"
110.         Write-Verbose "`t$Computer is Online"
111.     } Else { Write-Verbose "`t$Computer is OFFLINE" }
112.  
113.     Try {
114.         $Account = [ADSI]("WinNT://$Computer/$TargetAccount,user")
115.         $Account.psbase.invoke("setpassword",$Pwd1_Text)
116.         Write-Verbose "`tPassword Change completed successfully"
117.     }
118.     Catch {
119.         $Status = "FAILED"
120.         Write-Verbose "`tFailed to Change the password for $TargetAccount on $Computer. Error: $_"
121.         $StatsError = "$_"
122.     }
123.  
124.     $Obj = New-Object -TypeName PSObject -Property @{
125.         Date = "$(Get-Date)"
126.         ComputerName = $Computer
127.         IsOnline = $IsOnline
128.         PasswordChangeStatus = $Status
129.         DetailedStatus = $StatsError
130.     }
131.  
132.     <#$Obj | Format-Table ComputerName, Date, IsOnline, PasswordChangeStatus, DetailedStatus -AutoSize
133.     $Obj | Select-Object "ComputerName", "Date", "IsOnline", "PasswordChangeStatus", "DetailedStatus" | Export-Csv -Append -Path ".\output.csv" -NoTypeInformation
134.     $Obj | Select-Object "ComputerName", "Date", "IsOnline", "PasswordChangeStatus", "DetailedStatus" | ConvertTo-Html | Out-File -FilePath .\Report.html
135.     #>
136.  
137.     <#If($Status -eq "FAILED" -or $IsOnline -eq "OFFLINE") {
138.         $Stream.Writeline("$Computer `t $IsOnline `t $Status")
139.     }#>
140. return $Obj
141. }
142.  
143. $ReportObject.Add($Obj) | Out-Null
144.  
145. $ReportObject | Format-Table ComputerName, Date, IsOnline, PasswordChangeStatus, DetailedStatus -AutoSize
146. $ReportObject | Select-Object "ComputerName", "Date", "IsOnline", "PasswordChangeStatus", "DetailedStatus" | Export-Csv -Append -Path ".\output.csv" -NoTypeInformation
147. $ReportObject | Select-Object "ComputerName", "Date", "IsOnline", "PasswordChangeStatus", "DetailedStatus" | ConvertTo-Html | Out-File -FilePath .\Report.html
148.  
149. #Finally, let's close the Stream Writer, write the stream to the text file
150. #and notify the user of the location of the FailedComputers log file
151. $Stream.Close()
152. Write-Host "`n`nFailed computers list is saved to $FailedComputers"
153. $ScriptEndDate = $(Get-Date)
154.  
155. #Send an email log of what was done
156. $MsgBody = @"
157.  
158. Dear IT Admins,
159.  
160. Please be advised that the local admin account password for [ $TargetAccount ] has been changed
161. successfully on the following hosts:
162.  
163. Action Initiated by:  `t$([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
164. Script Started:  `t$ScriptStartDate
165. Script Ended:  `t$ScriptEndDate
166.  
167. "@
168. Send-MailMessage -Body $MsgBody -Verbose
169.  
170. # Finally, let's clear the default parameters we set earlier
171. $PSDefaultParameterValues.Clear()
172.  
173. #END SCRIPT