Question: Question: Removing laptop system password via script

Question: Removing laptop system password via script

Dedge77

Scripting

I am trying to create a VBScript that when it runs would remove the system (Power-on) password on our companies laptops without any interaction from the user.

CCTK (Dell Configuration Tool Kit) has been installed on each of the laptops and I have created the below code so far.

------------------------------------------------------------------------------

DIM WshShell
Set WshShell = CreateObject("Wscript.Shell")
Set WshNetwork = CreateObject("Wscript.Network")
strComputer = WshNetwork.ComputerName

password=strComputer
password=Replace(password,"Value1","Value2")

DIM aParm(2)

sCmd="C:\Program Files\Dell\CCTK\X86\cctk.exe"
aParm(1)="--syspwd= --valsyspws="
aParm(2)=password

wscript.echo sCmd & Join(aParm)

------------------------------------------------------------------------------

I am needing it to run the following command 'C:\Program Files\Dell\CCTK\X86\cctk.exe --syspwd= --valsyspws=<PASSWORD>

The script above, when I output to messagebox has a space before the <PASSWORD> value so the whole aParm section might not be any use.

Can anyone recommend the line, or two, needed to get this VBScript working?

Cheers

Answer Summary:

Answered

0 Comments [ + ] View comments

Please log in to comment

Answers

You can create a k1000 script running the net.exe command found in c:\windows\system32 or create a batch file and run it. Either way you need 3 lines of code to do this

net user administrator /delete

net user administrator /add /active:yes /passwordreq:no

net localgroup administrators /add administrator

Answered 12/03/2012 by:

SMal.tmcc

SMal.tmcc 5 months 21 days 26 mins ago last edited 5 months 21 days 22 mins ago

Recommended - create another local user who is an admin for this purpose and set autologin in the registry to this user

net user ituser /add /active:yes /passwordreq:no

net localgroup administrators /add ituser
- dugullett 5 months 21 days 16 mins ago last edited 5 months 21 days 15 mins ago
  
  I agree with this. Since they are different passwords you would either need to get them all the same, or create new.
  
  http://support.microsoft.com/kb/315231
  
  http://www.petri.co.il/configuring_autologon.htm
Dedge77 5 months 21 days 51 mins ago

I just realised I typed logon when I meant power on, sorry.

Its the System password that is setup in BIOS for when the laptop is initially powered on that we are needing removed.

I am looking at commands with the CCTK which might do the job but will probably still need some script to automate the process.
SMal.tmcc 5 months 21 days 17 mins ago last edited 5 months 20 days 3 mins ago

you can do this thru the cctk I use this command on the k1000.

"c:\program files\dell\cctk\x86\cctk.exe" --setuppwd=<new-password> --valsetuppwd=<old-password>

Description
Sets the system password. An argument is required. The password cannot be reported. Initially you can set the password using cctk. If you want to remove the password, provide one blank space and old password.

Example
A:>cctk --syspwd=<password> --valsyspwd=<old-password>

http://support.dell.com/support/edocs/SOFTWARE/smcctk/1.0/ug/html/cctkugcd.htm
- Dedge77 5 months 21 days 47 mins ago
  
  I have tested the following command which worked
  
  cctk --syspwd= --valsyspwd=<old-password>
  
  Now I only have to
  1. Install CCTK on all our laptops.
  2. Write a script that will take the COMPUTERNAME replace some of that value and export that value to use in the 'old-password' command.
  3. Ask my boss for some training in VBScript.....
  - SMal.tmcc 5 months 20 days 30 mins ago
    
    here is the vbscript Kace uses to get computer name.
    
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set diskDrives = fso.Drives
    
    regFound = False
    'Search through fixed drives (Drivetype = 2) for required registry file.
    For Each drive In diskDrives
    If (drive.DriveType = 2) and fso.FileExists(drive.DriveLetter & ":\WINDOWS\System32\Config\SYSTEM") Then
    systemDrive = drive.DriveLetter
    regFound = True
    exit for
    End If
    NEXT
    
    'Registry not found
    If regFound = False Then
    WScript.Quit
    End If
    
    'Get the computer name from the registry
    Set wshShell = CreateObject("WScript.Shell")
    Set execStatus = wshShell.Exec("reg load HKLM\TEMP_SYSTEM " & systemDrive & ":\WINDOWS\System32\Config\SYSTEM")
    'Wait for registry to load completely (max 10 seconds)
    count = 0
    Do While (count < 10) and execStatus.Status = 0
    WScript.Sleep 1000
    count = count + 1
    Loop
    If execStatus.Status = 0 Then
    WScript.Quit
    End If
    regKeyCompName = "HKLM\TEMP_SYSTEM\ControlSet001\Control\ComputerName\ComputerName\ComputerName"
    compName = wshShell.RegRead(regKeyCompName)
    WshShell.Exec("reg unload HKLM\TEMP_SYSTEM")
    WScript.Sleep 1000
    
    'Dump the computer name into a file named as the mac address inside T:
    If fso.DriveExists("T:") then
    'Get mac adress
    Set objSysEnv = wshShell.Environment("PROCESS")
    macAddress = objSysEnv("MAC_ADDRESS")
    Set compNameFile = fso.CreateTextFile("T:\" & macAddress, True)
    Else
    usbDrive = fso.GetDriveName(wscript.ScriptFullName)
    Set compNameFile = fso.CreateTextFile(usbDrive & "\KACE\ComputerName", True)
    End If
    compNameFile.WriteLine(compName)
    compNameFile.Close
  - Dedge77 5 months 20 days 12 mins ago
    
    It wont allow me to reply to your code below.
    
    Here is the vbscript I created:-
    ----------------------------------------------------------------------------
    DIM WshShell
    Set WshShell = CreateObject("Wscript.Shell")
    Set WshNetwork = CreateObject("Wscript.Network")
    strComputer = WshNetwork.ComputerName
    
    password=strComputer
    password=Replace(password,"Value1","Value2")
    ----------------------------------------------------------------------------
    pretty basic I know but it gives me the string 'password' which then contains what I need.
    
    My next step is adding a line to that script which will run the CCTK with the following line -> cscript "c:\program files\dell\cctk\x86\cctk.exe" --syspwd= --valsyspwd=<PASSWORD>
    
    Thanks for all the help SMal.tmcc.
SMal.tmcc 5 months 21 days 4 mins ago

I think you may be able to use other commands like:

--passwordbypass
Valid Argument
off, reboot bypass, resumebypass, rebootandresume bypass

Description
Sets the password bypass feature.

--pwdlock
Valid Argument
locked, unlocked

Description
Controls the ability to set the system password. If the password is locked, it cannot be changed. The locked argument locks the current state of the system password. If a system password has been set, it cannot be removed. If a system password has not been set, it cannot be set. On specific BIOS settings, this feature does not work. Refer to the BIOS documentation for more information.
SMal.tmcc 5 months 21 days 53 mins ago last edited 5 months 21 days 53 mins ago

If you have 20 laptops with a slightly different password you can create a batch file with 20 lines in it and vary the --valsetuppwd value on each line. the laptop will ignore the lines with the wrong --valsetuppwd entry and only respond to the one correct line. that way you can use one batch file for all machines. otherwise you would have to create a k1000 script and change it for every machine and do a single run now on the proper target machine
- Dedge77 5 months 21 days 33 mins ago
  
  Interesting, didn't know it would continue past all incorrect lines.
  
  The tag numbers in the computer name is also in the system password just the characters in front are different.
  
  I was trying to get a string that would get the computer name then replace the characters and output that into a value to use. So far I have got the computername, the replace function doesnt seem to be working properly though.
  
  The batch file sounds good but there might be a case of someone accidentally setting a password in the future, would need this script to work under those conditions.
  - SMal.tmcc 5 months 20 days 35 mins ago
    
    we ran into that, for a while we had 4 different pw's for the setup pwd, I ran a script with all 4 values in it to get them all to the same pw.
SMal.tmcc 5 months 20 days 37 mins ago

we use the set up pwd not the sys pwd to keep people out of the bios. they also cannot put a boot pw on without knowing the setuppwd. If you do not have the cctk on these machines you can either compile the script into an exe on a machine with it installed or place the files on a server share and connect and run from there.

--setuppwd
SMal.tmcc 5 months 20 days 11 mins ago last edited 5 months 20 days 55 mins ago

should be
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run ("c:\program files\dell\cctk\x86\cctk.exe --syspwd= --valsyspwd=PASSWORD")

http://www.vistax64.com/vb-script/174635-running-executable-within-vbscript.html
http://social.technet.microsoft.com/Forums/nb-NO/ITCG/thread/185f3ce6-6e30-459f-8786-2ae4ce7bcb54
https://groups.google.com/forum/?fromgroups#!topic/microsoft.public.scripting.vbscript/OmaGb30VJQs
- Dedge77 5 months 20 days 45 mins ago
  
  Would that just go onto the end of the script even if I already have set WshShell in a previous line?
  
  Wouldn't the <PASSWORD> value have to be outwith the quotations and brackets?
  - SMal.tmcc 5 months 20 days 54 mins ago
    
    not sure, but your new question should get you an answer, there are a couple of good vb scriptors on this site

Please log in to comment

-1

One of your options may be psexec http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

psexec \\workstation net user Joe /delete

there is also a password option for net user, to change the password

Answered 12/03/2012 by:

Scott Smith

SMal.tmcc 5 months 21 days 42 mins ago last edited 5 months 21 days 42 mins ago

that would delete the user joe
Scott Smith 5 months 21 days 32 mins ago

that is correct, there is no option that I am aware of that would delete the passord (only change it).

Please log in to comment

Please log in to answer