Retrieve Local Admin name

[Tumulus]

We changed security procedures and are changing the name of the local admin account on a computer. I created a script that changes the account, but only if the account is named "administrator". 

I need to change it to work with any administrator account name. Here is what I tried:

#RequireAdmin
#include<LocalAccount.au3>

Global $OKMSGBOX = 1

$strComputer = "."                                       ;This and the following two lines are newly added
$CPU = ObjGet("WinNT://" & $strComputer & ",Computer")
Local $sAdminAcct = $CPU.GetObject("User", "Administrator")

Local $sUsername = InputBox('Password', 'New Admin Username: ', '', '*', -1, -1, 0, 0, 10000)

MsgBox($OKMSGBOX, '', $sAdminAcct) ;for testing. Diplays a blank msgbox

$boolrun = 1
    While ($boolrun)
        $sPassword1 = InputBox('Password', 'New Admin Password: ', '', '*', -1, -1, 0, 0, 10000)
        $sPassword2 = InputBox('Password', 'Re-Enter New Admin Password: ', '', '*', -1, -1, 0, 0, 10000)
            If $sPassword1 == $sPassword2 Then

                _AccountSetPassword($sAdminAcct, $sPassword1, '0')

                _AccountRename($sAdminAcct, $sUsername, @ComputerName)

                $boolrun = 0

            Else
                MsgBox($OKMSGBOX, '', 'The passwords you entered do not match.' & @CRLF _
                & 'Please re-enter the desired admin credentials.')

            EndIf
    WEnd

 I added a few lines to assign the local admin account to the variable "$sAdminAcct" and then added the variable to the "_Account..." functions in place of "administrator". However, like it says above, the variable is blank. I enter all the credentials required, but it won't change the name.

Any ideas how to get it to work?

[AdamUL]

Since you are using the Local Accounts UDF.  You do not need to call COM objects directly.  The variable is blank, due to it being a COM object, and not a string.  The Local Account UDF works with strings.  Here is your script updated for you to work with.  

expandcollapse popup

#RequireAdmin
#include <MsgBoxConstants.au3>
#include <LocalAccount.au3>

Global $sBoxTitle = 'Password'

Global $sAdminAcct = InputBox($sBoxTitle, 'Enter Admin Username to Search: ', '', '*', -1, -1, 0, 0, 10000)
If @error Then Exit

If _AccountExists($sAdminAcct) And _AccountIsMember($sAdminAcct, "Administrators") Then 
    
    Global $sUsername = InputBox($sBoxTitle, 'New Admin Username: ', '', '*', -1, -1, 0, 0, 10000)
    If @error Then Exit

    MsgBox($IDOK, '', $sAdminAcct) ;for testing. Diplays a blank msgbox
    
    Global $bRun = 1
    Global $sPassword1 = ""
    Global $sPassword2 = ""
    While ($bRun)
        $sPassword1 = InputBox($sBoxTitle, 'New Admin Password: ', '', '*', -1, -1, 0, 0, 10000)
        Switch @error
            Case 0
            Case 1, 2
                Exit
            Case Else 
                ContinueLoop
        EndSwitch
        
        $sPassword2 = InputBox($sBoxTitle, 'Re-Enter New Admin Password: ', '', '*', -1, -1, 0, 0, 10000)
        Switch @error
            Case 0
            Case 1, 2
                Exit
            Case Else 
                ContinueLoop
        EndSwitch
        
        If $sPassword1 == $sPassword2 Then

            _AccountSetPassword($sAdminAcct, $sPassword1, '0')

            _AccountRename($sAdminAcct, $sUsername)

            $bRun = 0
        Else
                MsgBox($MB_ICONERROR, $sBoxTitle, 'The passwords you entered do not match.' & @CRLF _
               & 'Please re-enter the desired admin credentials.')
        EndIf
    WEnd
Else
    MsgBox($MB_ICONERROR, $sBoxTitle, $sAdminAcct & ' is not an Admin Account.', 10000) 
EndIf

Adam

 

[Tumulus]

Thanks! That worked perfectly. Is there a way that I could have the local admin account name automatically populate instead of prompting the user for it?

[iamtheky]

If you just want 'the' built-in administrator account

#include<array.au3>
#requireadmin

$sCommand = "wmic /NODE:localhost useraccount get name,sid"
$iPID = run($sCommand , "" , @SW_HIDE , $stdout_child)

$sOutput = ""

     While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then ExitLoop
    WEnd

ProcessClose($iPID)

$aOut = stringsplit($sOutput , @LF , 2)

for $i = 0 to ubound($aOut) - 1
   If stringright(stringstripWS($aOut[$i] , 2) , 3) = "500" AND stringinstr($aOut[$i] , "S-1-5-21-") Then
     $sName = stringleft($aOut[$i] , stringinstr($aOut[$i] , "S-1-5-21-") - 1)
   EndIf
next

 msgbox(0,'',StringStripWS($sName , 8))

 

[AdamUL]

Your welcome.  

I thought you were talking about renaming multiple Admins accounts, and you wanted to rename a specific one.  Are you just talking about just the "Administrator" account only?  If so, change  

Global $sAdminAcct = InputBox($sBoxTitle, 'Enter Admin Username to Search: ', '', '*', -1, -1, 0, 0, 10000)
If @error Then Exit

to 

#include <Security.au3>

Global $aUsers = _AccountEnum()

Global $sSIDUser = ""
Global $iAdminIndex = 0
For $i = 1 To $aUsers[0]
    $sSIDAUser = _Security__SidToStringSid(_Security__GetAccountSid($aUsers[$i]))
    
    If StringRegExp($sSIDUser, "^S-1-5-21-.*-500$") Then 
        $iAdminIndex = $i
    EndIf
Next

Global $sAdminAcct = $aUsers[$iAdminIndex]

 

Adam

 

Edited May 16, 2016 by AdamUL

[Tumulus]

Awesome. That worked! I used AdamUL's code in the comment above.

Yeah, we have a default account named "administrator" on a lot of computers and then some random admin accounts on others, which isn't very secure, so we are deploying a script to all our machines to change the default admin name and password to a new secure account.  

Thanks Guys!

[iamtheky]

....and no group policy?

[Tumulus]

Yeah, I agree. However, our supervisor wants a script solution. Why he does is beyond me.

[AdamUL]

@Tumulus Glad I could help.  

 

Adam