Keep administrators from being locked out of machines
Articles and Tips: tip
01 Jun 2003
ZENworks cool solutions article
by Leonard Zebrowski
Here's a tip recently posted on Cool Solutions that has already collected an impressive number of five-star ratings. Get tons more like this at www.novell.com/coolsolutions.
We had a problem with multiple machine images with different and sometimes forgotten local administrator account passwords. Also, some of our users with local admin rights occasionally change the password to Administrator or backdoor accounts, locking us out of the machines.
I wrote a simple ZEN Script to install a service on all machines that every time a machine is rebooted the chosen accounts' passwords are reset. When necessary, I can change the passwords by pushing down a new file. This is how I did it:
Note: All the files used in this solution are available in the zip file referenced in the URL below.
STEP 1
I wrote a batch file called reset.bat with the following commands:
Net use administrator <password>
Net use <backdoor> <password>
Net use <backdoor1> <password>
STEP 2
I used a Bat2Exec program to convert reset.bat to reset.com to encrypt the file for security.
STEP 3
I wrote a simple ZEN package to:
Copy reset.com to C:\Winnt\System32
Copy srvany.exe to C:\Winnt\System32 (from NT Resource kit)
Install the appropriate registry keys
Every time the machine reboots all passwords included within reset.com are standardized. Anytime I need to change the passwords I rewrite reset.com and push the new file out using ZEN. This works on both NT 4 and Windows 2000 machines.
I've shared everything I use in this zip file, with the exception of the "real" reset.bat/com file. The included file will reset only the administrator password to "password."
Download the zip file from http://www.novell.com/coolsolutions/zenworks/features/trenches/tr_reset_passwords_zw.html.
* Originally published in Novell Connection Magazine
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.