\[Editor's Note: Email your Windows 2000 or Windows NT security tips or solutions (400 words or less) to Reader to Reader at [email protected] We edit submissions for style, grammar, and length. If we print your contribution, you receive $100.\]
When I had to change the Administrator account name and password on all the servers and workstations in my enterprise, I wrote a script to accomplish this task. The script loops through a subnet range that you specify, detects any Win2K or NT systems running on it, and changes the Administrator account name and password to the name and password that you specify.
To run the batch file that contains the script in Listing 1, you must log on as a member of the Domain Administrators group. Before you run the batch file, edit the values of the variables oldaccountname, newaccountname, and newpassword to values appropriate to your environment (these variables are at the top of the file). The default range of addresses is 192.168.0.0 to 192.168.0.254. To change the default to the range of your subnet, edit the value of the variable subnet, and change the number 254 at callout A in Listing 1 to the number that represents the end of the subnet range you want to scan. The code in Listing 1 scans a class C subnet.
The three files that this script calls are in the Microsoft Windows 2000 Server Resource Kit and the Microsoft Windows NT Server 4.0 Resource Kit. These files are
- reg.exe (in both resource kits)
- cusrmgr.exe (in the Win2K resource kit only)
- now.exe (in both resource kits)
Place these three files in any directory listed in your Path statement, or place all three files in one directory and run the batch file in the same directory.