Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <#
- SCRIPT NAME: Change-LocalAdminPassword.ps1
- AUTHORED BY: Sitaram Pamarthi (https://4sysops.com/archives/change-the-local-administrator-password-on-multiple-computers-with-powershell/)
- ADAPTED BY: Kismet Agbasi
- DATE ADAPTED: 02/05/2019
- VERSION: 1.0
- WHAT THIS SCRIPT DOES:
- This is a PowerShell script that takes simple input and will allow a System Administrator (SA) to automate the otherwise mundane and tedious
- task of Local Administrator Account Password Management. Reading from a text file, this script will change the password of the specified
- account on multiple remote computers.
- Here's how the original script author puts it:
- .Synopsis
- Change local administrator password on list of computers given in a text file.
- .Description
- This script picks up the computer names from given input file and changes the local administrator password.
- .Parameter InputFile
- The full path of the text file name where computer account names are stored. Ex: C:\temp\computers.txt
- .Example
- Update-LocalAdministratorPassword.ps1 -InputFile c:\temp\Computers.txt
- This prompts you for the password for two times and updates the local administrator password on all computers to that.
- .Example
- Update-LocalAdministratorPassword.ps1 -InputFile c:\temp\Computers.txt -Verbose
- This tells you what exactly happening at every stage of the script.
- #>
- #BEGIN SCRIPT
- #Let's define and parametize the variables for the input file and output directory.
- [cmdletbinding()]
- param (
- [parameter(mandatory = $true)]
- $InputFile,
- $OutputDirectory
- )
- # Let's declare our global variables
- $ScriptStartDate = $(Get-Date)
- $MailCred = Import-Clixml .\SecurePasswd-Gmail.clixml
- [System.Collections.ArrayList]$ReportObject = @() #An array to hold the output as we interate through each computer
- # Let's define default values for the Send-MailMessage object
- $PSDefaultParameterValues.Add("Send-MailMessage:From","Sender <sender@gmail.com>")
- $PSDefaultParameterValues.Add("Send-MailMessage:To","Recipient <Recipient@Outlook.com>")
- $PSDefaultParameterValues.Add("Send-MailMessage:Subject","TEST - Local Account Password Maintenance Task Report")
- $PSDefaultParameterValues.Add("Send-MailMessage:Priority","High")
- $PSDefaultParameterValues.Add("Send-MailMessage:SmtpServer","smtp.gmail.com")
- $PSDefaultParameterValues.Add("Send-MailMessage:Port","587")
- $PSDefaultParameterValues.Add("Send-MailMessage:UseSsl",$true)
- $PSDefaultParameterValues.Add("Send-MailMessage:Credential",$MailCred)
- #Let's grab the current working directory and set that as the Output Directory, in to which
- #we will place the "Failed-Computers.txt" log file.
- If(!$OutputDirectory) {
- $OutputDirectory = (Get-Item $InputFile).DirectoryName
- }
- $FailedComputers = Join-Path $OutputDirectory "Failed-Computers.txt"
- $Stream = [System.IO.StreamWriter] $FailedComputers
- $Stream.Writeline("ComputerName `t IsOnline `t PasswordChangeStatus")
- $Stream.Writeline("____________ `t ________ `t ____________________")
- #Let's capture the target user account and new password we need to set
- Do {
- $TargetAccount = Read-Host "Please enter the target user account name"
- }Until ( $TargetAccount -ne "" )
- Do {
- $Password = Read-Host "Please enter the new password for $TargetAccount" -AsSecureString
- $ConfirmPassword = Read-Host "Please confirm the new password" -AsSecureString
- $Pwd1_Text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password))
- $Pwd2_Text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($ConfirmPassword))
- } While ($Pwd1_Text -ne $Pwd2_Text)
- <#If($Pwd1_Text -ne $Pwd2_Text) {
- Write-Error "The entered passwords do not match. Script is exiting!"
- $Stream.Close()
- Exit
- }#>
- If(!(Test-Path $InputFile)) {
- Write-Error "The Input File {($InputFile)} was not found. Script is exiting!"
- $Stream.Close()
- Exit
- }
- #Now that we have the password to set, let's get a list of target computers.
- $Computers = Get-Content -Path $InputFile
- #Now let's loop through each computer and change the specified account password.
- ForEach ($Computer in $Computers) {
- $Computer = $Computer.ToUpper()
- $IsOnline = "OFFLINE"
- $Status = "SUCCESS"
- Write-Verbose "Working on $Computer"
- If((Test-Connection -ComputerName $Computer -count 1 -ErrorAction 0)) {
- $IsOnline = "ONLINE"
- Write-Verbose "`t$Computer is Online"
- } Else { Write-Verbose "`t$Computer is OFFLINE" }
- Try {
- $Account = [ADSI]("WinNT://$Computer/$TargetAccount,user")
- $Account.psbase.invoke("setpassword",$Pwd1_Text)
- Write-Verbose "`tPassword Change completed successfully"
- }
- Catch {
- $Status = "FAILED"
- Write-Verbose "`tFailed to Change the password for $TargetAccount on $Computer. Error: $_"
- $StatsError = "$_"
- }
- $Obj = New-Object -TypeName PSObject -Property @{
- Date = "$(Get-Date)"
- ComputerName = $Computer
- IsOnline = $IsOnline
- PasswordChangeStatus = $Status
- DetailedStatus = $StatsError
- }
- <#$Obj | Format-Table ComputerName, Date, IsOnline, PasswordChangeStatus, DetailedStatus -AutoSize
- $Obj | Select-Object "ComputerName", "Date", "IsOnline", "PasswordChangeStatus", "DetailedStatus" | Export-Csv -Append -Path ".\output.csv" -NoTypeInformation
- $Obj | Select-Object "ComputerName", "Date", "IsOnline", "PasswordChangeStatus", "DetailedStatus" | ConvertTo-Html | Out-File -FilePath .\Report.html
- #>
- <#If($Status -eq "FAILED" -or $IsOnline -eq "OFFLINE") {
- $Stream.Writeline("$Computer `t $IsOnline `t $Status")
- }#>
- return $Obj
- }
- $ReportObject.Add($Obj) | Out-Null
- $ReportObject | Format-Table ComputerName, Date, IsOnline, PasswordChangeStatus, DetailedStatus -AutoSize
- $ReportObject | Select-Object "ComputerName", "Date", "IsOnline", "PasswordChangeStatus", "DetailedStatus" | Export-Csv -Append -Path ".\output.csv" -NoTypeInformation
- $ReportObject | Select-Object "ComputerName", "Date", "IsOnline", "PasswordChangeStatus", "DetailedStatus" | ConvertTo-Html | Out-File -FilePath .\Report.html
- #Finally, let's close the Stream Writer, write the stream to the text file
- #and notify the user of the location of the FailedComputers log file
- $Stream.Close()
- Write-Host "`n`nFailed computers list is saved to $FailedComputers"
- $ScriptEndDate = $(Get-Date)
- #Send an email log of what was done
- $MsgBody = @"
- Dear IT Admins,
- Please be advised that the local admin account password for [ $TargetAccount ] has been changed
- successfully on the following hosts:
- Action Initiated by: `t$([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
- Script Started: `t$ScriptStartDate
- Script Ended: `t$ScriptEndDate
- "@
- Send-MailMessage -Body $MsgBody -Verbose
- # Finally, let's clear the default parameters we set earlier
- $PSDefaultParameterValues.Clear()
- #END SCRIPT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement