Administration Automation Part 1:

Every company has there build specs, their dummy accounts, after installation software and other internal doo dad’s they feel are vital to the build. Even with imaging you can never guarantee its all done right so i always prefer to script the end of install just to make sure its clean, fresh and right each time a system comes off the build line.

Heres a few pointers i threw together to get your “post build” script in order starting with dummy accounts, passwords and user memberships.

Renaming the administrators account (admrename.vbs):

strComputer = “.”
Set wshShell = WScript.CreateObject( “WScript.Shell” )
strComputerName = wshShell.ExpandEnvironmentStrings( “%COMPUTERNAME%” )


Set objWMIService = GetObject(“winmgmts:” & strComputer & “rootcimv2″)
Set colAccounts = objWMIService.ExecQuery _
(“Select * From Win32_UserAccount Where LocalAccount = True And Name = ‘Administrator'”)

For Each objAccount in colAccounts
objAccount.Rename “ADM” & strComputerName

The above script will rename the Administrator account to ADMcomputername, it can easily be changed to a static name deleting the & strComputerName and adding the full name in the “” ‘s.

Creating a local account using the command line (batch):

net user patchacc passw0rd /add /comment:”Patch account” /fullname:”windows Patch account” /active:yes /passwordchg:no /passwordreq:yes

the above script will create a username (patchacc) with password (passw0rd), the account will also be enabled.

Add an account to the local administrators(batch):

net localgroup /add administrators patchacc

The above command adds the username patchacc to the local group administrators, you can use the above command to add a domain account using net localgroup /add administrators domainusername.

Setting a password to never expire (pwd.vbs):

Set objUser = GetObject(“WinNT://” & strcomputer & “/username“)
objPasswordNoChangeFlag = objUser.UserFlags XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put “userFlags”, objPasswordNoChangeFlag

The above scriptlet will simply set the password to the “username” account to never expire, dont try to do it with net user, it doesnt work… ever.

Creating a dummy administrator account:

net user Administrator Notreal123 /add /comment:”Bogus Admin Account” /fullname:”Bogus Admin Account” /active:no /passwordchg:no /passwordreq:yes

The above script will create a disabled user called administrator (rename the current administrator first), with password of Notreal123.

After the jump is an example of how to tie them all into one super script and the source files.

REM copy the entire cotents of the zip to a share name on your network, add the share to the below statement.
set netdir=servernameshare

@echo Creating Patch account & net user patchacc passw0rd /add /comment:”Patch account” /fullname:”windows Patch account” /active:yes /passwordchg:no /passwordreq:yes
@echo Renaming admin account & cscript /b “%netdir%admrename.vbs” & echo Complete
@echo Fixing password & cscript /b “%netdir%pwd.vbs” & echo Complete
@echo Adding Dummy account & et user Administrator Notreal123 /add /comment:”Bogus Admin Account” /fullname:”Bogus Admin Account” /active:no /passwordchg:no /passwordreq:yes
@echo adding patch to local admins. & net localgroup /add administrators patchacc


Related Posts

Enabling RDP on a server remotely. There's very little more annoying in a windows environment than having to go to a console of a server because some idiot has disabled remote administr...
Remove shell extensions after installing Adobe Acr... A pet peeve of mine are context menu extensions... Why software vendors decide to include non optional context menu addons are besides me! A good exam...
Scripting Web interface 5.0 installation. To auto install web interface sites, sitemgr.exe must be used. the below script will create a default website for XenApp services and will also create...

Leave a Reply