Every company has there build specs, their dummy accounts, after installation software and other internal doo dad’s they feel are vital to the build. Even with imaging you can never guarantee its all done right so i always prefer to script the end of install just to make sure its clean, fresh and right each time a system comes off the build line.
Heres a few pointers i threw together to get your “post build” script in order starting with dummy accounts, passwords and user memberships.
Renaming the administrators account (admrename.vbs):
strComputer = “.”
Set wshShell = WScript.CreateObject( “WScript.Shell” )
strComputerName = wshShell.ExpandEnvironmentStrings( “%COMPUTERNAME%” )
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Set objWMIService = GetObject(“winmgmts:” & strComputer & “rootcimv2″)
Set colAccounts = objWMIService.ExecQuery _
(“Select * From Win32_UserAccount Where LocalAccount = True And Name = ‘Administrator'”)
For Each objAccount in colAccounts
objAccount.Rename “ADM” & strComputerName
The above script will rename the Administrator account to ADMcomputername, it can easily be changed to a static name deleting the & strComputerName and adding the full name in the “” ‘s.
Creating a local account using the command line (batch):
net user patchacc passw0rd /add /comment:”Patch account” /fullname:”windows Patch account” /active:yes /passwordchg:no /passwordreq:yes
the above script will create a username (patchacc) with password (passw0rd), the account will also be enabled.
Add an account to the local administrators(batch):
net localgroup /add administrators patchacc
The above command adds the username patchacc to the local group administrators, you can use the above command to add a domain account using net localgroup /add administrators domainusername.
Setting a password to never expire (pwd.vbs):
Set objUser = GetObject(“WinNT://” & strcomputer & “/username“)
objPasswordNoChangeFlag = objUser.UserFlags XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put “userFlags”, objPasswordNoChangeFlag
The above scriptlet will simply set the password to the “username” account to never expire, dont try to do it with net user, it doesnt work… ever.
Creating a dummy administrator account:
net user Administrator Notreal123 /add /comment:”Bogus Admin Account” /fullname:”Bogus Admin Account” /active:no /passwordchg:no /passwordreq:yes
The above script will create a disabled user called administrator (rename the current administrator first), with password of Notreal123.
After the jump is an example of how to tie them all into one super script and the source files.