Bulk Admin password change

Hello

We create a admin account for all our assets and would like to change all assets admin passwords in bulk. Does anyone know if a script is available to check for the existence of the admin account and if it is on the asset to change it to $password?

Thanks.

You could definitely do it - I’ve got code that will check if a local account username/password combo is valid, and from there you could build it out.

  • Check Local Account Exists
  • Create it if it doesn’t
  • Check it is in the expected group
  • Fix it if it isn’t
  • Check the user account is
    • Enabled
    • Unlocked
    • Password is correct
  • Fix them if they aren’t right
  • May want to configure “Special account” to hide the user from the Lock Screen menus

etc, and fix if they aren’t right.

FYI though - any password passed from Syncro will be hidden in the Portal - but can be visible in the PowerShell output if you are not careful how to

The security issue that Kevin has mentioned still stands but…

If you create a custom field for each customer “LocalAdminPassword” and give it a value you can then script the creation of a local admin using that custom value.
Make sure to add a platform variable that uses the custom field.

 $password = ConvertTo-SecureString $LocalAdminPassword  -AsPlainText -Force
    New-LocalUser -Name "AdminAccountName" -Password $password -Description "Local Admin Account" -ErrorAction Stop
     Write-Host "Local User AdminAccountName Has Been Added"
     Log-Activity -Message "Local User AdminAccountName Has Been Added" -EventName "Local User AdminAccountName Has Been Added"
    Add-LocalGroupMember -Group "Administrators" -Member "AdminAccountName"
     Write-Host "Local User AdminAccountName Has Been Upgraded To Admin"
     Log-Activity -Message "Local User AdminAccountName Has Been Upgraded To Admin" -EventName "Local User AdminAccountName Has Been Upgraded To Admin"
   
1 Like

There’s one in the community library to randomize it. I run it weekly. I wouldn’t use the same password across all systems, even just for the same client. This was needed in some RMMs, but not Syncro. Ransomware gets a hold of the password, they now have access to all systems.

That’s very good, defo going to implement that!
Thanks Jimmie!

Looks good. Thanks

I will give it a try.

if you have an DC in your network jsut use LAPS