The most popular script to do this is a VB script.
In the script it basically runs through all of the accounts and attempts to change the password using a blank password as the initial credentials.
I need this done in powershellsince the rest of the script design will be done in Powershell.
The problem I'm running into is that it'spassing throughmy admin credentials to change the passwords so it succeeds every time. The script itself looks for an error code of [0] (meaning it worked and the password was blank to begin with) and a fail code in which it kicks back "The password was not blank" then resumes on the next account.
Here is the test version of just the password changing part:
==================================
$ErrorActionPreference = "SilentlyContinue"
$strPassword = ""
$server = "serverName"
$computer = [ADSI]("WinNT://" + $server + ",computer")
$user = [ADSI]("WinNT://" + $server + "/Guest, user")
$user.invoke("SetPassword", $strPassword)
If($?)
{
Write-Host "There was a blank password on the" $computer.Name $user.name "account."
}
If(!$?)
{
Write-Host $computer.Name $user.name "is safe."
}
==================================
Is there a way to force it to NOT use my credentials and require a supplied password (not promted but stored in a variable) for each attempt?
The VBS script with the original idea is below.
"
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName
strPassword = ""
Set colAccounts = GetObject("WinNT://" & strComputer)
colAccounts.Filter = Array("user")
For Each objUser In colAccounts
objUser.ChangePassword strPassword, strPassword
If Err = 0 or Err = -2147023569
Then
Wscript.Echo objUser.Name & " is using a blank password."
End If
Err.Clear
Next
Thanks
Jason