Remotely resetting local passwords under NT/2K

[SoulAssassin]

Does anyone know how to remotely reset a local acct password on a remote machine via cmd line?

Here's the deal, we have these 18 application servers at different sites throughout the country. There are services that run as a local acct w admin access, I need to stop the service, change the acct password, change the password the service runs as, then start the service. Everything else is cake but after running through TechNet for the past couple hours I can't find out how to remotely change the local password. I can do it for a domain acct no problem, but a vendor has dial in access to these machines and we obviously aren't comfortable giving them domain admin access. I can do it via computer/user mangler but it gets repetitive rather quickly, I want to script the whole thing.

Thanks!

 

[Woodie]

You should be able to use net user.

What is your remote command-line like: rcmd or telnet? Each flavor allows some things to work, but not others.

 

[SoulAssassin]

net user works for domain accts and accts local to the machine you're currently logged into, unfortunately not remote local accts (boy that sounds like an oxymoron). Telnet is difficult/impossible to work with in a script. Manually telnet'ing into the boxes would probably be as slow as doing it another way. I don't believe any of these machines are configured for rcmd but I'll look into that.

Someone else in the DC forum mentioned using the soon cmd which functions like an AT job although it's executed either immediately or within a set period of seconds.

 

[Woodie]

Don't use RCMD!! It's not very secure, and it's not supported by M$. Since you have telnet, use that instead of rcmd.

If you have the mechanism to distribute the script to the remote servers, then it's just a matter of getting the job scheduled. We have used the "soon" command quite effectively, to get the job to run in the context needed to run a particular job.

Assuming you have no way to distribute the script, and the commands are identical for each server.

Set up a share on a central server/workstation (your own?).
ACL the share to grant READ to the machine accounts of each of the servers. (servername$)
set up the job (from your workstation) as:
at \\servername soon "\\workstationname\sharename\scriptname"
Don't forget to create the scriptname which has the net stop, net user, and net start commands in it, and put it on the sharepoint. You may have to put soon.exe on all the servers, or perhaps in the share...not sure, since I don't have it at home right now.

You could also schedule the job to run every month, so all you have to do is update the script every month.