/build/static/layout/Breadcrumb_cap_w.png

I have a silly question.  I need to change our local Administrator password for all of our machines and wanted to know do I need to change anything in KACE?  I know my predecessor tried to change it and KACE would no longer work with Local System selected and no scripts would run until the old password was re- added to the machines.  He claimed that the # symbol was the problem, I think he was nuts, but I could be wrong and he is gone...lol

 

Does KACE have the admin passwords hard coded on the server for Local Systems? If so, where and are there symbol/password length issues?   If I were to guess the admin accounts on user machines would need to be changed first, then KACE should pick up that change.

Thoughts???
0 Comments   [ + ] Show comments

Comments

  • This content is currently hidden from public view.
    Reason: Removed by member request
    For more information, visit our FAQ's.


Community Chosen Answer

2

If you do have user accounts/passwords saved in KACE.  They would be under Settings>Credentials.  Check there and update accounts as needed.  These are only used when you have a script or other process call for a saved credential run.

To change the local workstation password via KACE, we use a KACE script command with a VBS script to change local admin passwords.  It works well (when run as local system and as an online script), but we have had issues with some passwords not changing because of specific characters in them (Mostly on Windows 7 PCs). 

Here is the script we use:  (you will need to change 3 items for username/password).

Set oShell = CreateObject("WScript.Shell")
Const SUCCESS = 0
 
sUser = "LOCALADMINUSER"
sPwd = "NEWPASSWORD"
 
' get the local computername with WScript.Network,
' or set sComputerName to a remote computer
Set oWshNet = CreateObject("WScript.Network")
sComputerName = oWshNet.ComputerName
 
Set oUser = GetObject("WinNT://" & sComputerName & "/" & sUser)
 
' Set the password
oUser.SetPassword sPwd
oUser.Setinfo
 
oShell.LogEvent SUCCESS, "LOCALADMIN password was changed!"

Answered 04/18/2018 by: DaveMT
Fourth Degree Black Belt

All Answers

1
Thank you guys
Answered 04/19/2018 by: Ted S
Senior White Belt

0
The local administrator password should be irrelevant because the KACE agent runs in the system context by default. If your scripts are set to run via a local user then that password would be stored in the credentials area. I would recommend changing the administrator password on one machine and then trying to run a script, should be easy enough to check.

Answered 04/18/2018 by: chucksteel
Red Belt

0

In my K2000 I use an account "LocalAdmin" to do my scripted installs.  When the deployment completes I no longer needed the account so I would reset the password to a random 20 character password and take the account out of the local admin group.  Below is the script do this.

---------------------------------------------------

@Echo Off
Setlocal EnableDelayedExpansion
Set _RNDLength=20
Set _Alphanumeric=ABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%[]()~-_,^:?/\0123456789abcdefghijklmnopqrstuvwxyz
Set _Str=%_Alphanumeric%987654321
:_LenLoop
IF NOT "%_Str:~18%"=="" SET _Str=%_Str:~9%& SET /A _Len+=9& GOTO :_LenLoop
SET _tmp=%_Str:~9,1%
SET /A _Len=_Len+_tmp
Set _count=0
SET _RndAlphaNum=
:_loop
Set /a _count+=1
SET _RND=%Random%
Set /A _RND=_RND%%%_Len%
SET _RndAlphaNum=!_RndAlphaNum!!_Alphanumeric:~%_RND%,1!
If !_count! lss %_RNDLength% goto _loop
net user localadmin !_RndAlphaNum!
net localgroup Administrators localadmin /delete

---------------------------------------------------

Answered 10/06/2018 by: JordanNolan
Fifth Degree Black Belt