I am trying to create a VBScript that when it runs would remove the system (Power-on) password on our companies laptops without any interaction from the user.

CCTK (Dell Configuration Tool Kit) has been installed on each of the laptops and I have created the below code so far.

------------------------------------------------------------------------------

DIM WshShell
Set WshShell = CreateObject("Wscript.Shell")
Set WshNetwork = CreateObject("Wscript.Network")
strComputer = WshNetwork.ComputerName

password=strComputer
password=Replace(password,"Value1","Value2")

DIM aParm(2)

sCmd="C:\Program Files\Dell\CCTK\X86\cctk.exe"
aParm(1)="--syspwd= --valsyspws="
aParm(2)=password

wscript.echo sCmd & Join(aParm)

------------------------------------------------------------------------------

I am needing it to run the following command 'C:\Program Files\Dell\CCTK\X86\cctk.exe --syspwd= --valsyspws=<PASSWORD>

The script above, when I output to messagebox has a space before the <PASSWORD> value so the whole aParm section might not be any use.

Can anyone recommend the line, or two, needed to get this VBScript working?

Cheers

Answer Summary:
Cancel
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

3

You can create a k1000 script running the net.exe command found in c:\windows\system32 or create a batch file and run it.  Either way you need 3 lines of code to do this

net user administrator /delete

net user administrator /add /active:yes /passwordreq:no

net localgroup administrators /add administrator

Answered 12/03/2012 by: SMal.tmcc
Red Belt

  • Recommended - create another local user who is an admin for this purpose and set autologin in the registry to this user

    net user ituser /add /active:yes /passwordreq:no

    net localgroup administrators /add ituser

  • I just realised I typed logon when I meant power on, sorry.

    Its the System password that is setup in BIOS for when the laptop is initially powered on that we are needing removed.

    I am looking at commands with the CCTK which might do the job but will probably still need some script to automate the process.

  • you can do this thru the cctk I use this command on the k1000.

    &quot;c:\program files\dell\cctk\x86\cctk.exe&quot; --setuppwd=&lt;new-password&gt; --valsetuppwd=&lt;old-password&gt;

    Description
    Sets the system password. An argument is required. The password cannot be reported. Initially you can set the password using cctk. If you want to remove the password, provide one blank space and old password.

    Example
    A:&gt;cctk --syspwd=&lt;password&gt; --valsyspwd=&lt;old-password&gt;


    http://support.dell.com/support/edocs/SOFTWARE/smcctk/1.0/ug/html/cctkugcd.htm

    • I have tested the following command which worked

      cctk --syspwd= --valsyspwd=<old-password>

      Now I only have to
      1. Install CCTK on all our laptops.
      2. Write a script that will take the COMPUTERNAME replace some of that value and export that value to use in the 'old-password' command.
      3. Ask my boss for some training in VBScript.....

      • here is the vbscript Kace uses to get computer name.

        Set fso = CreateObject("Scripting.FileSystemObject")
        Set diskDrives = fso.Drives

        regFound = False
        'Search through fixed drives (Drivetype = 2) for required registry file.
        For Each drive In diskDrives
            If (drive.DriveType = 2) and fso.FileExists(drive.DriveLetter & ":\WINDOWS\System32\Config\SYSTEM") Then
                systemDrive = drive.DriveLetter
                regFound = True
                exit for
            End If
        NEXT

        'Registry not found
        If regFound = False Then
            WScript.Quit
        End If

        'Get the computer name from the registry
        Set wshShell = CreateObject("WScript.Shell")
        Set execStatus = wshShell.Exec("reg load HKLM\TEMP_SYSTEM " & systemDrive & ":\WINDOWS\System32\Config\SYSTEM")
        'Wait for registry to load completely (max 10 seconds)
        count = 0
        Do While (count < 10) and execStatus.Status = 0
            WScript.Sleep 1000
            count = count + 1
        Loop
        If execStatus.Status = 0 Then
            WScript.Quit
        End If
        regKeyCompName = "HKLM\TEMP_SYSTEM\ControlSet001\Control\ComputerName\ComputerName\ComputerName"
        compName = wshShell.RegRead(regKeyCompName)
        WshShell.Exec("reg unload HKLM\TEMP_SYSTEM")
        WScript.Sleep 1000

        'Dump the computer name into a file named as the mac address inside T:
        If fso.DriveExists("T:") then
        'Get mac adress
        Set objSysEnv = wshShell.Environment("PROCESS")
        macAddress = objSysEnv("MAC_ADDRESS")
            Set compNameFile = fso.CreateTextFile("T:\" & macAddress, True)
        Else
        usbDrive = fso.GetDriveName(wscript.ScriptFullName)
            Set compNameFile = fso.CreateTextFile(usbDrive & "\KACE\ComputerName", True)
        End If
        compNameFile.WriteLine(compName)
        compNameFile.Close

      • It wont allow me to reply to your code below.

        Here is the vbscript I created:-
        ----------------------------------------------------------------------------
        DIM WshShell
        Set WshShell = CreateObject("Wscript.Shell")
        Set WshNetwork = CreateObject("Wscript.Network")
        strComputer = WshNetwork.ComputerName

        password=strComputer
        password=Replace(password,"Value1","Value2")
        ----------------------------------------------------------------------------
        pretty basic I know but it gives me the string 'password' which then contains what I need.

        My next step is adding a line to that script which will run the CCTK with the following line ->  cscript "c:\program files\dell\cctk\x86\cctk.exe" --syspwd= --valsyspwd=<PASSWORD>

        Thanks for all the help SMal.tmcc.

  • I think you may be able to use other commands like:

    --passwordbypass
    Valid Argument
    off, reboot bypass, resumebypass, rebootandresume bypass

    Description
    Sets the password bypass feature.

    --pwdlock
    Valid Argument
    locked, unlocked

    Description
    Controls the ability to set the system password. If the password is locked, it cannot be changed. The locked argument locks the current state of the system password. If a system password has been set, it cannot be removed. If a system password has not been set, it cannot be set. On specific BIOS settings, this feature does not work. Refer to the BIOS documentation for more information.

  • If you have 20 laptops with a slightly different password you can create a batch file with 20 lines in it and vary the --valsetuppwd value on each line.  the laptop will ignore the lines with the wrong --valsetuppwd entry and only respond to the one correct line.  that way you can use one batch file for all machines.  otherwise you would have to create a k1000 script and change it for every machine and do a single run now on the proper target machine

    • Interesting, didn't know it would continue past all incorrect lines.

      The tag numbers in the computer name is also in the system password just the characters in front are different.

      I was trying to get a string that would get the computer name then replace the characters and output that into a value to use.  So far I have got the computername, the replace function doesnt seem to be working properly though.

      The batch file sounds good but there might be a case of someone accidentally setting a password in the future, would need this script to work under those conditions.

      • we ran into that, for a while we had 4 different pw's for the setup pwd, I ran a script with all 4 values in it to get them all to the same pw.

  • we use the set up pwd not the sys pwd to keep people out of the bios.  they also cannot put a boot pw on without knowing the setuppwd.  If you do not have the cctk on these machines you can either compile the script into an exe on a machine with it installed or place the files on a server share and connect and run from there.

    --setuppwd

    • Would that just go onto the end of the script even if I already have set WshShell in a previous line?

      Wouldn't the <PASSWORD> value have to be outwith the quotations and brackets?

      • not sure, but your new question should get you an answer, there are a couple of good vb scriptors on this site

Please log in to comment
-1

One of your options may be psexec http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

 

psexec \\workstation net user Joe /delete

there is also a password option for net user, to change the password

Answered 12/03/2012 by: Scott Smith
Senior White Belt

  • that would delete the user joe

  • that is correct, there is no option that I am aware of that would delete the passord (only change it).

Please log in to comment
Answer this question or Comment on this question for clarity