Keep Administrators from being Locked out of Machines

Novell Cool Solutions: Trench
By Leonard Zebrowski

Posted: 2 May 2003
 

We had a problem with multiple machine images with different, and sometimes forgotten, local administrator account passwords. Also, some of our users with local admin rights occasionally change the password of the Administrator or backdoor accounts, locking us out of the machines.

I wrote a simple ZEN script to install a service on all machines so that every time a machine is rebooted, the chosen accounts' passwords are reset. When necessary I can change the passwords by pushing down a new file. This is how I did it:

Note: all the files used in this solution are available in the zip file below, under Download.

Step 1

I wrote a batch file called reset.bat with the following commands:

net user administrator <password>
net user <backdoor> <password>
net user <backdoor1> <password>

Step 2

I used a Bat2Exec program to convert reset.bat to reset.com to encrypt the file for security.

Step 3

I wrote a simple ZEN package to:

  1. Copy reset.com to C:\Winnt\System32
  2. Copy srvany.exe to C:\Winnt\System32 (from NT Resource kit)
  3. Install the following registry keys:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PWReset]
    "Type"=dword:00000010
    "Start"=dword:00000002
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):43,3a,5c,57,69,6e,6e,74,5c,53,79,73,74,65,6d,33,32,5c,53,72,\
      76,61,6e,79,2e,65,78,65,00
    "DisplayName"="PWReset"
    "ObjectName"="LocalSystem"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PWReset\Parameters]
    "Application"="C:\\Winnt\\System32\\reset.com"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PWReset\Security]
    "Security"=hex:01,00,14,80,c0,00,00,00,cc,00,00,00,14,00,00,00,34,00,00,00,02,\
      00,20,00,01,00,00,00,02,80,18,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,20,02,00,00,02,00,8c,00,05,00,00,00,00,00,18,00,8d,01,02,00,01,01,00,\
      00,00,00,00,01,00,00,00,00,74,00,73,00,00,00,1c,00,fd,01,02,00,01,02,00,00,\
      00,00,00,05,20,00,00,00,23,02,00,00,76,00,63,00,00,00,1c,00,ff,01,0f,00,01,\
      02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,76,00,63,00,00,00,1c,00,ff,01,\
      0f,00,01,02,00,00,00,00,00,05,20,00,00,00,25,02,00,00,76,00,63,00,00,00,18,\
      00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,25,02,00,00,01,01,00,00,\
      00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PWReset\Enum]
    "0"="Root\\LEGACY_PWRESET\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001
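
To review what a service definition like this one installs before it is pushed out, the REGEDIT4 text can be parsed and its hex(2) values decoded. The following is an added example, not part of the original article or its zip file; the function names are hypothetical and the embedded sample is a constructed subset of the keys above.

```python
import re

# Constructed sample: service key and Parameters subkey as given on the page
# (ErrorControl, DisplayName and the Security and Enum subkeys left out).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PWReset]
"Type"=dword:00000010
"Start"=dword:00000002
"ImagePath"=hex(2):43,3a,5c,57,69,6e,6e,74,5c,53,79,73,74,65,6d,33,32,5c,53,72,\
  76,61,6e,79,2e,65,78,65,00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PWReset\Parameters]
"Application"="C:\\Winnt\\System32\\reset.com"
'''
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

def parse_reg(text):
    """Parse REGEDIT4 text into {key_path: {value_name: decoded_value}}."""
    text = re.sub(r",\\\r?\n\s*", ",", text)        # join ',\' continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            name, raw = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line).groups()
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith("hex"):              # hex: or hex(N):
                kind, _, body = raw.partition(":")
                data = bytes(int(b, 16) for b in body.split(",") if b.strip())
                # hex(2) is REG_EXPAND_SZ, stored as ANSI bytes in REGEDIT4 files
                current[name] = (data.rstrip(b"\0").decode("latin-1")
                                 if kind == "hex(2)" else data)
            else:                                    # REG_SZ: undo \\ and \" escapes
                current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys

def summarize_service(keys, service):
    """Report what the service runs, as which account, and when."""
    base = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\" + service
    svc, params = keys[base], keys.get(base + "\\Parameters", {})
    return {"binary": svc["ImagePath"], "account": svc["ObjectName"],
            "start": START[svc["Start"]],
            "own_process": bool(svc["Type"] & 0x10),  # SERVICE_WIN32_OWN_PROCESS
            "srvany_target": params.get("Application")}

if __name__ == "__main__":
    print(summarize_service(parse_reg(SAMPLE_REG), "PWReset"))
```

Because the service starts automatically as LocalSystem, the ACL on the file named under Parameters\Application deserves the same review as the service key itself.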

Every time the machine reboots, all passwords included within reset.com are standardized. Anytime I need to change the passwords, I rewrite reset.com and push the new file out using ZEN.

This works on both NT 4 and 2000 machines.

Here is everything I use, with the exception of the "real" reset.bat/com file - the file included will reset only the administrator password to password.

Download

Download pwreset.zip

If you have any questions you may contact Leonard at leonard.s.zebrowski@phila.gov

