Reset local Windows account password (1.3.0+)
-
This tutorial utilizes the new FOG Client, which is capable of executing PowerShell scripts.
At work, we’ve been talking about how to reset the local ‘tech’ password en masse should we ever need to, in case the account password is compromised.
I’ve found some PowerShell that can do this, and I’ve used it via FOG Snapins to successfully change a local Windows account’s password. This can be done on one computer or thousands. Confirmed working on Windows 10.
The below is a PowerShell script (with a .ps1 file extension) that resets the password of a local account called tech to MySuperAmazingPassword as an example.

    # Name of the local computer
    $comp=hostname
    # Bind to the local 'tech' account through the WinNT ADSI provider
    $tech=[adsi]("WinNT://" + $comp + "/tech, user")
    # Set the new password on that account
    $tech.psbase.invoke("SetPassword", "MySuperAmazingPassword")

This can be made into a FOG Snapin using the PowerShell template, and just uploading the file. Here is a screenshot of the completed snapin:
[Screenshot: completed snapin]
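
A more defensive version of the reset script above, as an added example that is not part of the original post: it uses the same WinNT ADSI call, then confirms the change by reading the account's PasswordAge and exits non-zero on failure so the outcome can be checked per machine. The function name and the 300-second threshold are assumptions made for this example.

```powershell
# Added example, not the original poster's script.
# 'tech' and 'MySuperAmazingPassword' are the placeholder values from the post.
$AccountName = 'tech'
$NewPassword = 'MySuperAmazingPassword'   # plain text: restrict who can read this .ps1

# Hypothetical helper name; wraps the same ADSI call the post uses.
function Reset-LocalAccountPassword {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Password,
        [string]$Computer = $env:COMPUTERNAME
    )
    # Same WinNT ADSI binding as the post (binding is lazy, errors surface below).
    $user = [adsi]"WinNT://$Computer/$Name,user"
    # Throws if the account does not exist or the password violates local policy.
    $user.psbase.Invoke('SetPassword', $Password)
    # Re-read the account; PasswordAge is the number of seconds since the last change.
    $user.psbase.RefreshCache()
    $age = [int]$user.PasswordAge.Value
    # 300 s is an assumed threshold for "just changed".
    if ($age -gt 300) { throw "PasswordAge is $age s; password does not look freshly set" }
    return $age
}

try {
    $age = Reset-LocalAccountPassword -Name $AccountName -Password $NewPassword
    Write-Output "OK: '$AccountName' on $env:COMPUTERNAME, password age ${age}s"
    exit 0
}
catch {
    # Report the reason, never the password itself.
    Write-Output "FAILED: '$AccountName' on $env:COMPUTERNAME - $($_.Exception.Message)"
    exit 1
}
```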
-
This is perfect for: https://forums.fogproject.org/post/76500
-
@x23piracy You didn’t know snapins could do powershell?
-
@Wayne-Workman Really, they can? Well, I am just a bit crazy today…
-
What do you have in text box: “Snapin Run With Argument”? Is it required for this specific Snapin? I noticed you didn’t mention that section of the Snapin creation process.
-
@alexf2132 When creating the snapin, if you choose the “Powershell” template, it’ll be filled in automatically for you. Also the arguments are listed in the Snapin Command part.
-
@Wayne-Workman Thank you sir.
-
-
@MRCUR That’s one of the options we thought about. It sets a unique password on every machine - and that’s not the greatest idea if you need to use the local account in a tight spot to do something, and don’t have LAPS readily open. LAPS was created as a way to manage local account passwords, specifically changing them. With the above simple PowerShell script paired with FOG Snapins, that’s an alternative to LAPS that isn’t so complex - and enables a uniform password on each computer.
-
@Wayne-Workman That’s the whole point - there should not be a single password set on all the machines. I realize this is not the point of your thread, but I just wanted to have this here so people know LAPS exists and is the preferred solution.
-
@MRCUR There should be - what the admin wants and is acceptable. Would I want a uniform password in every environment? No. I work in a public school, and very often I’m walking down the halls and someone comes out asking for help - and I don’t have my laptop with me. The fewer passwords I type in front of people, the better. Often, technicians fill in at other buildings - we don’t share AD credentials among technicians for our domains, but we do share local passwords with other techs so they can fill in where needed. LAPS would make that harder.
I would encourage people to use LAPS if they want the highest degree of local account security, but it would complicate my job further than I would like in my current position and slow my ability to solve problems.