Server remediation script

  • Question

  • Hi Scripting guy!

    Need a little pointer in the right direction.

    I just started to learn via the month of lunches and am enjoying immensely.

    A task has now landed in my in-tray which is fazing me a little.

    I have been asked to:

    1. Read a list of destination machines from a text file
    2. Connect to each machine in turn; if a machine cannot be connected to, log it and move to the next machine in the text file
    3. For those machines that can be connected to, enumerate the running services to discover if any of them are running with local accounts. If they are, log it and move to the next machine.
    4. Presuming no services are running with local accounts, enumerate the local accounts to find the administrator (even if renamed) – it will have a SID which ends in 500
    5. Change the password of the local administrator account to a variable (this could be entered at script run time)
    6. Log if successful or not
    7. Change the local administrator account name to a desired account name
    8. Log if successful or not
    9. Repeat for each machine in the text file
    10. Finish

    Is it a bit much to have one script do all of this?

    Finally, do all machines in question need WinRM running?

    I would be most grateful for any help here!

    Kind regards

    Wednesday, May 13, 2015 10:19 AM

Answers

  • As Braham20 noted, this is not a "write a script for me that does this list of things" forum.

    FWIW, I'm the author of that Windows IT Pro script. If you don't get an error, then the script was able to reset the password.


    -- Bill Stewart [Bill_Stewart]

    • Marked as answer by Bill_Stewart Tuesday, June 16, 2015 9:16 PM
    Wednesday, May 13, 2015 2:17 PM

All replies

  • I doubt anyone will write the full thing for you, but WMI is probably the way to go. As a quick pointer:

    gwmi -query "Select * from win32_account where Domain = '$env:computername'" | ? {$_.SID -like "*-500"}

    gwmi -Query "Select * from win32_service" | Select DisplayName,StartName | Sort DisplayName

    Wednesday, May 13, 2015 10:51 AM
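
The two WMI queries from the reply above, extended into an audit pass over a list of machines (steps 1 to 4 of the question). This is an added example, not code from any poster, and it stops before the password change and rename; the file names `computers.txt` and `audit.csv`, the function name `Test-LocalServiceAccount` and the status labels are assumptions.

```powershell
# Added example, not code from the thread. Windows PowerShell 3.0+ (Get-WmiObject).
# Get-WmiObject -ComputerName talks DCOM/RPC, so the targets do not need WinRM.
# computers.txt and audit.csv are assumed file names.
param(
    [string]$ListPath = '.\computers.txt',
    [string]$LogPath  = '.\audit.csv'
)

function Test-LocalServiceAccount {
    # True when StartName is a machine-local user (".\svc" or "HOST\svc"),
    # false for LocalSystem, built-in identities and domain accounts.
    param([string]$StartName, [string]$SystemName)
    if ([string]::IsNullOrEmpty($StartName)) { return $false }
    $domain = ($StartName -split '\\', 2)[0]
    return ($StartName -like '*\*') -and ($domain -eq '.' -or $domain -eq $SystemName)
}

$computers = Get-Content -Path $ListPath | Where-Object { $_.Trim() }
$results = foreach ($computer in $computers) {
    $row = [pscustomobject]@{ Computer = $computer.Trim(); Status = ''; Detail = '' }
    try {
        $services = Get-WmiObject -Class Win32_Service -ComputerName $row.Computer -ErrorAction Stop
        $local = @($services | Where-Object { Test-LocalServiceAccount $_.StartName $_.SystemName })
        if ($local.Count -gt 0) {
            # Step 3: services run under local accounts; log them and skip this machine.
            $row.Status = 'LocalServiceAccount'
            $row.Detail = ($local | ForEach-Object { "$($_.Name)=$($_.StartName)" }) -join '; '
        }
        else {
            # Step 4: the built-in administrator keeps RID 500 even when renamed.
            $admin = Get-WmiObject -Class Win32_UserAccount -ComputerName $row.Computer `
                -Filter 'LocalAccount=True' -ErrorAction Stop |
                Where-Object { $_.SID -like 'S-1-5-21-*-500' }
            $row.Status = if ($admin) { 'Ready' } else { 'NoRid500Found' }
            $row.Detail = "RID 500 account: $($admin.Name)"
        }
    }
    catch {
        # Step 2: unreachable or access denied; record why and move on.
        $row.Status = 'Failed'
        $row.Detail = $_.Exception.Message
    }
    $row
}
$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Format-Table -AutoSize
```

Machines that come back as `Ready` are the ones left for the password reset and rename steps.
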
  • Thanks for the speedy reply, those look good.

    Here's what I have so far...

    Listing out which accounts are running the services:

    Get-WmiObject win32_service | group-object -Property StartName | format-table Name, Count -auto

    For password reset I downloaded code from here:

    http://windowsitpro.com/powershell/resetting-local-administrator-password-computers

    I think I can run something that will check last reset date to check the change worked.

    Then try and put it together to call from a computername.txt

    Wednesday, May 13, 2015 2:15 PM
  • Thanks guys, and sorry for presuming!

    I think I have a handle on what I need to do, like I say, I'm still learning.

    Didn't mean to cause any upset.

    But I really enjoy what PowerShell can achieve, such an awesome tool.

    Thursday, May 14, 2015 9:53 AM
  • No upset caused, the people here will be happy to help you if you get stuck whilst you're writing your script but writing the script is your job :) If you're struggling with anything post back with some specific questions and you'll find people will be very forthcoming with helpful pointers.
    Thursday, May 14, 2015 10:24 AM