
Reset local admin password

You probably want random passwords on all your local admin accounts, so that learning the password of one machine does not unlock the others. I wrote one function that generates a complex (yet readable) password and another that sets the local admin password.

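Function Get-RandomPassword {
	<#
	.SYNOPSIS
	Builds a password from a mask, replacing every '#' with a random character.

	.DESCRIPTION
	Each '#' in the mask is replaced by a character drawn from pwdCharacters;
	every other mask character is copied through unchanged. Characters are
	drawn from the operating system's cryptographic random number generator,
	so the result does not depend on how Get-Random is implemented in the
	running PowerShell version.

	.PARAMETER pwdMask
	Template for the password. '#' marks a position to fill with a random character.

	.PARAMETER pwdCharacters
	The set of characters a '#' may be replaced with.

	.OUTPUTS
	System.String. The generated password. An empty mask yields an empty string.
	#>
	PARAM (
		$pwdMask = "####-####-####-####-####",
		$pwdCharacters = "abcdefghjkmnopqrstuvwxy23456789ABCDEFGHJKLMNPQRTUVWXYZ"
	)

	$mask = [string] $pwdMask
	$alphabet = [string] $pwdCharacters

	# A mask with placeholders needs something to fill them with; fail clearly
	# instead of returning a password that is shorter than the caller expects.
	If ( $mask.Contains("#") -and $alphabet.Length -eq 0 ) {
		Throw "pwdCharacters must contain at least one character when pwdMask contains '#'."
	}

	$builder = New-Object System.Text.StringBuilder
	$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
	TRY {
		$buffer = New-Object byte[] 4
		If ( $alphabet.Length -gt 0 ) {
			# Largest multiple of the alphabet size that fits in 32 bits. Values at
			# or above it are redrawn so that every character is equally likely
			# (a plain modulo would favour the first few characters).
			$range = [long] 4294967296
			$limit = $range - ($range % $alphabet.Length)
		}

		# Iterating the characters (rather than 0..Length-1) also handles an
		# empty mask, where 0..-1 would count backwards instead of being empty.
		ForEach ( $maskChar in $mask.ToCharArray() ) {
			If ( $maskChar -eq "#" ) {
				Do {
					$rng.GetBytes($buffer)
					$value = [long] [System.BitConverter]::ToUInt32($buffer, 0)
				} While ( $value -ge $limit )
				[void] $builder.Append($alphabet.Chars([int] ($value % $alphabet.Length)))
			} else {
				[void] $builder.Append($maskChar)
			}
		}
	}
	FINALLY {
		If ( $rng -is [System.IDisposable] ) {
			$rng.Dispose()
		}
	}

	Return $builder.ToString()
}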


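Function Set-LocalAdminPassword {
	<#
	.SYNOPSIS
	Sets the password of the built-in local administrator account on a computer.

	.DESCRIPTION
	Looks up the local account whose SID ends in -500 through WMI (so a renamed
	administrator account is still found), then sets its password through the
	WinNT ADSI provider.

	.PARAMETER computerName
	Name of the computer whose local administrator password is changed.

	.PARAMETER newPassword
	The new password, passed as a plain string. The parameter type is kept for
	compatibility with existing callers; treat any variable, history entry or
	log that holds the value as sensitive.

	.OUTPUTS
	System.Boolean. $true when the password was set, $false on any failure
	(the reason is written to the warning stream).
	#>
	PARAM (
		[string] $computerName,
		[string] $newPassword
	)

	TRY {
		# The lookup is inside the TRY and uses -ErrorAction Stop so that an
		# unreachable host or a denied WMI query ends up in the CATCH instead of
		# continuing with an empty account name.
		$adminAccountName = (Get-WmiObject Win32_UserAccount -Filter "LocalAccount = True AND SID LIKE 'S-1-5-21-%-500'" -ComputerName $computerName -ErrorAction Stop | Select-Object -First 1 ).Name
		If ( [string]::IsNullOrEmpty($adminAccountName) ) {
			Throw "No local account with a SID ending in -500 was found."
		}

		# The password is deliberately left out of the message: verbose output is
		# routinely captured by transcripts and logging.
		Write-Verbose "Reset password for $($computerName)\$($adminAccountName)"
		$adminAccount = [adsi]"WinNT://$($computerName)/$($adminAccountName),user"
		$adminAccount.setPassword($newPassword)
		Return $true
	}
	CATCH {
		# Report why the reset failed; the caller still only sees $false.
		Write-Warning "Password reset failed on $($computerName): $($_.Exception.Message)"
		Return $false
	}
}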

This is how to reset the password on a single computer:

# Reset one machine. The call writes $true or $false to the output.
# The generated password is passed inline and is not stored anywhere, so it
# cannot be looked up after this call returns.
Set-LocalAdminPassword `
	-computerName "SOMEPC" `
	-newPassword (Get-RandomPassword)

And this is how to process a list of computers from Active Directory, skipping any that are not online:

Import-Module ActiveDirectory

# Computer name -> newly set password, for every machine that was reset.
# The passwords sit in this table in plain text for the rest of the session.
$newPwds = @{}

$targets = Get-ADComputer -LDAPFilter "(name=PC00*)"
ForEach ($target in $targets) {
	$computerName = $target.Name

	# One ping decides whether the host is attempted at all. Hosts that do not
	# answer are skipped without any record, and keep their old password.
	$pingReply = Test-Connection -ComputerName $computerName -Count 1 -ErrorAction SilentlyContinue
	If (-not $pingReply) {
		Continue
	}

	# A fresh password per machine; it is recorded only when the reset succeeded.
	$randomPwd = Get-RandomPassword
	$wasReset = Set-LocalAdminPassword -computerName $computerName -newPassword $randomPwd
	If ($wasReset) {
		$newPwds.Add($computerName, $randomPwd)
	}
}

# Prints every new password in clear text. Anything that captures this output
# (a transcript, a redirected log, a shared console) then holds the passwords too.
$newPwds | Format-Table -AutoSize