Reset the password of a renamed Administrator account

Posted 2024-08-06 01:10:28

I need to create a .VBS script to reset the Windows local administrator password on a large group of computers. My problem is that some of our sites have renamed the administrator account for security reasons. Does anyone have a script which changes the password of the administrator account based on the SID of the original Administrator account?

Comments (4)

余厌 2024-08-13 01:10:28

Using the fact that local admin's SID always ends with -500:

strComputer = "."    ' local computer by default
Set objUser = GetObject("WinNT://" & strComputer & "/" & GetAdminName & ",user")
objUser.SetPassword "New local admin password"
objUser.SetInfo

Function GetAdminName
  'This function was written using information from Table J.1 from the Windows XP Resource Kit
  'http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prnc_sid_cids.asp
  'The built-in Administrator always has RID 500, so its SID is <machine SID>-500
  'no matter what the account has been renamed to.

  Set objNetwork = CreateObject("WScript.Network") 'get the current computer name
  objComputerName = objNetwork.ComputerName
  Set objwmi = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & objComputerName)

  'Restrict the query to accounts whose Domain is this computer: on a domain-joined
  'machine the domain Administrator also has RID 500 and would otherwise match too.
  qry = "SELECT Name, SID FROM Win32_Account WHERE Domain = '" & CStr(objComputerName) & "'"

  For Each Admin In objwmi.ExecQuery(qry)
    If (Left(Admin.SID, 6) = "S-1-5-" And Right(Admin.SID, 4) = "-500") Then 'look for admin SID
      GetAdminName = Admin.Name
      Exit For
    End If
  Next
End Function

转身泪倾城 2024-08-13 01:10:28

There's a tool floating around somewhere called LookupAccountName (with source!) that given the SID of the builtin administrator will give you its name.

You're probably going to end up writing C++ code to pull this one off reasonably well.

就像说晚安 2024-08-13 01:10:28

Like Joshua says, I don't think you can do this with Windows Scripting Host only; you could use it to download something and execute it:

  • A custom app that calls LookupAccountSid (S-1-5-domain-500 SID, or enumerate the admin group) + NetUserSetInfo to reset the password (needs to run as admin)
  • http://home.eunet.no/pnordahl/ntpasswd/ (reset at boot)
  • Dump the SAM hashes and crack the password (Cain, John the Ripper, L0phtCrack, etc.)
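The LookupAccountSid route from the first bullet does not actually require C++: .NET wraps it as SecurityIdentifier.Translate, which PowerShell can call directly. The script below is an added example, not code from this thread; the function name Get-BuiltinAdminName is chosen here. It derives the machine SID from any local account, builds the RID-500 SID, resolves it to the account's current name, and round-trips the name back to a SID (the LookupAccountName direction) as a sanity check before trusting it.

```powershell
# Added example (not from the original answers): resolve the built-in
# Administrator's current name from its well-known RID 500, i.e. the
# LookupAccountSid approach, using .NET from PowerShell instead of C++.

function Get-BuiltinAdminName {
    # Every local account SID is "<machine SID>-<RID>". Filtering on
    # LocalAccount = TRUE keeps domain accounts out: the domain Administrator
    # is also RID 500, but under the domain SID rather than the machine SID.
    $anyLocal = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount = TRUE' |
                Select-Object -First 1
    if (-not $anyLocal) { throw 'No local accounts found on this machine' }

    $machineSid = $anyLocal.SID -replace '-\d+$', ''
    $adminSid   = New-Object System.Security.Principal.SecurityIdentifier "$machineSid-500"

    # Translate() is the managed wrapper around LookupAccountSid:
    # SID in, "MACHINE\CurrentName" out, whatever the account was renamed to.
    $account = $adminSid.Translate([System.Security.Principal.NTAccount])
    $name    = ($account.Value -split '\\')[-1]

    # Round trip (LookupAccountName): the resolved name must map back to the
    # same RID-500 SID, otherwise refuse to proceed rather than touch the
    # wrong account.
    $ntAccount = New-Object System.Security.Principal.NTAccount "$env:COMPUTERNAME\$name"
    $back      = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier])
    if ($back.Value -ne $adminSid.Value) {
        throw "Round-trip mismatch: $name resolves to $($back.Value), expected $($adminSid.Value)"
    }

    [pscustomobject]@{ Name = $name; SID = $adminSid.Value }
}

Get-BuiltinAdminName
```

Run it elevated on the target machine; Translate resolves against the local SAM, so for remote computers query Win32_UserAccount on the remote host instead of translating locally.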

∝单色的世界 2024-08-13 01:10:28

@DmitryK's answer is good, and I didn't know any of that stuff. But I do know that this sort of thing is usually cleaner in PowerShell, so I ported it.

For example, the whole GetAdminName function can be written:

$adminName = (gwmi win32_account | ? { $_.SID.StartsWith( 'S-1-5-' ) -and $_.SID.EndsWith( '-500' ) }).Name

(Add the -ComputerName option to the gwmi call to do this on a server.)

The rest becomes:

$user = ([ADSI]"WinNT://$($env:COMPUTERNAME)/$adminName,User")
$user.SetPassword( 'xxx' )
$user.SetInfo()

(applying the appropriate computer name as needed, of course.)
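For a run across many machines, the one-liner above needs a few guards that the answer leaves out: on a domain-joined box gwmi win32_account also returns DOMAIN\Administrator (RID 500 under the domain SID), the password should not be hard-coded in the script, and a host that yields zero or several matches should be reported rather than silently skipped. The following is an added example, not the answer's code; the function name Reset-BuiltinAdminPassword and the computers.txt file in the usage comment are assumptions made here.

```powershell
# Added example (not from the original answers): fleet-safe version of the
# RID-500 lookup plus WinNT SetPassword, with the checks a bulk run needs.

function Reset-BuiltinAdminPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string[]]     $ComputerName,
        [Parameter(Mandatory)] [securestring] $NewPassword
    )

    # The WinNT ADSI provider needs the password in clear text; decode it once
    # here instead of embedding it in the script or passing it on the command line.
    $plain = (New-Object System.Net.NetworkCredential('', $NewPassword)).Password

    foreach ($computer in $ComputerName) {
        try {
            # LocalAccount = TRUE excludes DOMAIN\Administrator, which is also
            # RID 500 but under the domain SID. Local machine SIDs are S-1-5-21-x-y-z,
            # so anchor the pattern rather than just testing EndsWith('-500').
            $found = @(Get-CimInstance -ClassName Win32_UserAccount -ComputerName $computer `
                          -Filter 'LocalAccount = TRUE' |
                      Where-Object { $_.SID -match '^S-1-5-21-\d+-\d+-\d+-500$' })

            if ($found.Count -ne 1) {
                Write-Error "${computer}: expected exactly one RID-500 local account, found $($found.Count)"
                continue
            }
            $admin = $found[0]

            if ($PSCmdlet.ShouldProcess("$computer\$($admin.Name)", 'Reset password')) {
                $user = [ADSI]"WinNT://$computer/$($admin.Name),user"
                $user.SetPassword($plain)
                $user.SetInfo()
            }

            [pscustomobject]@{
                ComputerName = $computer
                AdminName    = $admin.Name      # current name, whatever it was renamed to
                Disabled     = $admin.Disabled  # worth knowing before you rely on the account
                Result       = 'OK'
            }
        }
        catch {
            [pscustomobject]@{
                ComputerName = $computer
                AdminName    = $null
                Disabled     = $null
                Result       = $_.Exception.Message
            }
        }
    }
}

# Usage: prompt once, then walk the list; drop -WhatIf to actually change anything.
# $pw = Read-Host -AsSecureString -Prompt 'New local Administrator password'
# Reset-BuiltinAdminPassword -ComputerName (Get-Content .\computers.txt) -NewPassword $pw -WhatIf
```

Get-CimInstance -ComputerName goes over WinRM, so the targets need WS-Man enabled and the caller needs local admin rights on each of them. Keep in mind that one shared local Administrator password across a fleet is exactly the lateral-movement exposure LAPS exists to remove; if you must do this in bulk, treat it as a stopgap on the way to per-machine passwords.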
