Home > Batch Scripting, Scripting, Windows Server > Administration Automation Part 1:

Administration Automation Part 1:

Every company has there build specs, their dummy accounts, after installation software and other internal doo dad’s they feel are vital to the build. Even with imaging you can never guarantee its all done right so i always prefer to script the end of install just to make sure its clean, fresh and right each time a system comes off the build line.

Heres a few pointers i threw together to get your “post build” script in order starting with dummy accounts, passwords and user memberships.

Renaming the administrators account (admrename.vbs):

strComputer = “.”
Set wshShell = WScript.CreateObject( “WScript.Shell” )
strComputerName = wshShell.ExpandEnvironmentStrings( “%COMPUTERNAME%” )

Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)
Set colAccounts = objWMIService.ExecQuery _
(“Select * From Win32_UserAccount Where LocalAccount = True And Name = ‘Administrator'”)

For Each objAccount in colAccounts
objAccount.Rename “ADM” & strComputerName

The above script will rename the Administrator account to ADMcomputername, it can easily be changed to a static name deleting the & strComputerName and adding the full name in the “” ‘s.

Creating a local account using the command line (batch):

net user patchacc passw0rd /add /comment:”Patch account” /fullname:”windows Patch account” /active:yes /passwordchg:no /passwordreq:yes

the above script will create a username (patchacc) with password (passw0rd), the account will also be enabled.

Add an account to the local administrators(batch):

net localgroup /add administrators patchacc

The above command adds the username patchacc to the local group administrators, you can use the above command to add a domain account using net localgroup /add administrators domain\username.

Setting a password to never expire (pwd.vbs):

Set objUser = GetObject(“WinNT://” & strcomputer & “/username“)
objPasswordNoChangeFlag = objUser.UserFlags XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put “userFlags”, objPasswordNoChangeFlag
objUser.SetInfo

The above scriptlet will simply set the password to the “username” account to never expire, dont try to do it with net user, it doesnt work… ever.

Creating a dummy administrator account:

net user Administrator Notreal123 /add /comment:”Bogus Admin Account” /fullname:”Bogus Admin Account” /active:no /passwordchg:no /passwordreq:yes

The above script will create a disabled user called administrator (rename the current administrator first), with password of Notreal123.

After the jump is an example of how to tie them all into one super script and the source files.

http://www.4shared.com/file/64993533/ef9ff324/users.html

REM copy the entire cotents of the zip to a share name on your network, add the share to the below statement.
set netdir=\\servername\share

@echo Creating Patch account & net user patchacc passw0rd /add /comment:”Patch account” /fullname:”windows Patch account” /active:yes /passwordchg:no /passwordreq:yes
@echo.
@echo Renaming admin account & cscript /b “%netdir%\admrename.vbs” & echo Complete
@echo.
@echo Fixing password & cscript /b “%netdir%\pwd.vbs” & echo Complete
@echo.
@echo Adding Dummy account & et user Administrator Notreal123 /add /comment:”Bogus Admin Account” /fullname:”Bogus Admin Account” /active:no /passwordchg:no /passwordreq:yes
@echo.
@echo adding patch to local admins. & net localgroup /add administrators patchacc

pause

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: