Monday, November 3, 2008

Use PowerShell to change Local Admin Passwords on Multiple Machines

Ran into an issue with the need to change the local administrator password on several servers.
Decided to try my hand with PowerShell to do the job.

After some research I found a few scripts that got me close, so I have done some tweaking and created a script that will:
  • Use a text file list of machine names as input to the script
  • Create a randomly generated complex password for each machine
  • Ping the machine to verify it is online
  • Change the local admin password to the new complex password
  • Write all changes and passwords to an Excel file

Thanks to http://poshcode.org/567 and http://myitforum.com/cs2/blogs/yli628/archive/2007/08/23/powershell-script-to-change-administrator-password-on-a-list-of-machines.aspx for getting me on my way with this.

I decided to have it write the passwords to an Excel File so I can easily import them into our Secret Server password management system.

Your mileage may vary but this is what I needed:

Copy the below code into PowerGUI Script Editor (or your favorite editor) and it should format all the line breaks correctly.

---------------------------


#
# Script Name: Change Local Admin Passwords
# Version: 1.5
# Author: Andrew H. Bradley II
# Date: 11/3/08
#
# Description:
# Requires Microsoft Excel to be available on the machine running this script!
#
# This script will accept a list of machine names from c:\MachineList.txt
# Using that list it will ping each machine to verify it is active.
# Once verified it will use the credentials of the script to change the local Administrator account password.
# It will then open an Excel Spreadsheet and write the status of each MachineName and what its password now is.
# All passwords are randomly generated - the random nature of the passwords can be controlled via the New-ComplexPassword call in the main loop
#
# Special Thanks to Ying Li at myITforum.com and to the PowerShell Code Repository for the Complex Password Function
# http://myitforum.com/cs2/blogs/yli628
# http://poshcode.org/567
#
# Functions
Function New-ComplexPassword ([int]$Length=8, $digits=$null, $alphaUpper=$null, $alphaLower=$null, $special=$null)
{
    # ASCII data taken from http://msdn2.microsoft.com/en-us/library/60ecse8t(VS.80).aspx
    # Make sure the password is long enough to meet complexity requirements
    if($digits+$alphaUpper+$alphaLower+$special -gt $Length) { throw "Password too short for specified complexity" }
    # Start from empty strings so the += operations below always concatenate
    $password = ''
    $charsAllowed = ''
    # Define character groups and the number of each required by passwords
    # In case this is used in a DCPromo answer file, there are a few chars to
    # avoid: Ampersand, Less than, double quote and back slash
    # (34,38,60,92)
    # Note: the special group below still contains those four characters
    $groups = @()
    $group = New-Object System.Object
    Add-Member -In $group -Type NoteProperty -Name "Group" -Value "0123456789" # 48..57
    Add-Member -In $group -Type NoteProperty -Name "Count" -Value $Digits
    $groups += $group
    $group = New-Object System.Object
    Add-Member -In $group -Type NoteProperty -Name "Group" -Value "ABCDEFGHIJKLMNOPQRSTUVWXYZ" # 65..90
    Add-Member -In $group -Type NoteProperty -Name "Count" -Value $alphaUpper
    $groups += $group
    $group = New-Object System.Object
    Add-Member -In $group -Type NoteProperty -Name "Group" -Value "abcdefghijklmnopqrstuvwxyz" # 97..122
    Add-Member -In $group -Type NoteProperty -Name "Count" -Value $alphaLower
    $groups += $group
    $group = New-Object System.Object
    Add-Member -In $group -Type NoteProperty -Name "Group" -Value '~`!@#$%^&*()-_={}[]\;:"<>?,./'' ' # 32..47, 58..64, 91..96, 123..126
    Add-Member -In $group -Type NoteProperty -Name "Count" -Value $special
    $groups += $group
    # initialize random number generator
    # Note: System.Random is not a cryptographically secure generator
    $ran = New-Object Random
    # make sure password meets complexity requirements
    foreach ($req in $groups)
    {
        if ($req.count)
        {
            $charsAllowed += $req.group
            for ($i=0; $i -lt $req.count; $i++)
            {
                $r = $ran.Next(0,$req.group.length)
                $password += $req.group[$r]
            }
        } elseif ($req.count -eq 0) {
            $charsAllowed += $req.group
        }
    }
    # make sure password meets length requirement
    if(!$charsAllowed)
    {
        $groups | % { $charsAllowed += $_.group }
    }
    for($i=$password.length; $i -lt $length; $i++)
    {
        $r = $ran.Next(0,$charsAllowed.length)
        $password += $charsAllowed[$r]
    }
    # randomize the password
    return [string]::join('',($password.ToCharArray() | sort {$ran.next()}))
}
# Main Program
# Open Excel Object
$a = New-Object -comobject Excel.Application
$a.visible = $True
# Create a new WorkBook/WorkSheet
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
# Create the Column Headers
$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "Password Changed"
$c.Cells.Item(1,3) = "Report Time Stamp"
$c.Cells.Item(1,4) = "Password"
# Format the Column Headers
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True
# Setup first data row following headers
$intRow = 2
# Run this loop for every machine listed in the MachineList.txt file
foreach ($strComputer in get-content C:\MachineList.Txt)
{
    $c.Cells.Item($intRow,1) = $strComputer.ToUpper()
    # This is using WMI to ping the computers and return a status
    $Reply = Gwmi Win32_PingStatus -Filter "Address = '$strComputer'" | Select-Object StatusCode
    if ($Reply.StatusCode -eq 0)
    {
        # Use ADSI to change the local administrator account's password
        $admin=[adsi]("WinNT://" + $strComputer + "/administrator,user")
        # Call the New-ComplexPassword Function to create a new random password
        $adminpass=New-ComplexPassword 8 3 2 2 1
        # Set the password to the local machine
        $admin.SetPassword($adminpass)
        # Write the results to the Excel Sheet
        $c.Cells.Item($intRow,2).Interior.ColorIndex = 4
        $c.Cells.Item($intRow,2) = "Yes"
        $c.Cells.Item($intRow,3) = Get-Date
        $c.Cells.Item($intRow,4) = $adminpass
    }
    # If the ping request fails
    Else
    {
        $c.Cells.Item($intRow,2).Interior.ColorIndex = 3
        $c.Cells.Item($intRow,2) = "Not Pingable"
        $c.Cells.Item($intRow,3) = Get-Date
    }

    # Clear the variables for the next loop and increment the row number
    $Reply = ""
    $adminpass = ""
    $intRow = $intRow + 1
}
# Autofit the entire WorkSheet
$d.EntireColumn.AutoFit()
cls
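
The password function in the script draws its characters from System.Random, which is a predictable pseudo-random generator rather than a cryptographic one. The following is an added example, not the original author's or the poshcode script's code, of the same "required characters per group, fill, then shuffle" approach using the operating system's cryptographic generator; the function names Get-SecureRandomIndex and New-SecureComplexPassword, the 16-character default and the reduced special-character set are assumptions made for illustration.

```powershell
# Added example: names below are hypothetical, not from the original script.
function Get-SecureRandomIndex {
    param(
        [System.Security.Cryptography.RandomNumberGenerator]$Rng,
        [ValidateRange(1, 256)][int]$Max   # exclusive upper bound
    )
    # Rejection sampling: drop bytes that would bias the modulo result.
    $limit = 256 - (256 % $Max)
    $buf = New-Object byte[] 1
    do { $Rng.GetBytes($buf) } while ($buf[0] -ge $limit)
    return $buf[0] % $Max
}

function New-SecureComplexPassword {
    param(
        [ValidateRange(1, 256)][int]$Length = 16,
        [int]$Digits = 2, [int]$Upper = 2, [int]$Lower = 2, [int]$Special = 2
    )
    if ($Digits + $Upper + $Lower + $Special -gt $Length) {
        throw "Password too short for specified complexity"
    }
    # Special set omits & < " \ (the characters the original comment says to avoid).
    $groups = @(
        @{ Alphabet = '0123456789';                 Required = $Digits  },
        @{ Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; Required = $Upper   },
        @{ Alphabet = 'abcdefghijklmnopqrstuvwxyz'; Required = $Lower   },
        @{ Alphabet = '~!@#$%^*()-_=[]{};:,.?/';    Required = $Special }
    )
    $all = -join ($groups | ForEach-Object { $_.Alphabet })
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = New-Object 'System.Collections.Generic.List[char]'
        foreach ($g in $groups) {
            for ($i = 0; $i -lt $g.Required; $i++) {
                $chars.Add($g.Alphabet[(Get-SecureRandomIndex $rng $g.Alphabet.Length)])
            }
        }
        while ($chars.Count -lt $Length) {
            $chars.Add($all[(Get-SecureRandomIndex $rng $all.Length)])
        }
        # Fisher-Yates shuffle so required characters do not sit in fixed positions.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-SecureRandomIndex $rng ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        return (-join $chars.ToArray())
    }
    finally { $rng.Dispose() }
}
```

In the main loop, the call New-ComplexPassword 8 3 2 2 1 could be swapped for New-SecureComplexPassword -Length 16, or whatever length your policy requires.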

Saturday, October 25, 2008

Indy Racing Experience

I recently had the opportunity to drive an Indy car at the Indianapolis 500 track - part of the Indy Racing Experience.



What a rush! Even if I only got to drive 3 laps, it was a once in a lifetime experience.

When you first get to the track you have to sign your life away on about 10 different forms and insurance paperwork. Then the fun begins. They have you change into an Indy firesuit and shoes - now you start to feel like a driver.

They sit you down in a small room and go over the car:
  1. No Shifting - they will push-start the car in top gear
  2. Gas/Brake/Clutch/Dead Pedal - it is pretty tight in the car and you cannot see down so you have to quickly feel for the pedals.
  3. There is a pace car leading you around the track on the ideal line - stay behind that car at least 6 car lengths.
  4. Drive at your own pace - the pace car will slow you down if the track spotters think you are driving too erratically for the speed.
Out to the track to look at the pit and cars - then you DRIVE!

Once out there I learned that these cars have a Honda Goldwing engine (it is what would fit in the engine compartment). Average speeds range all over, but the fastest was a professional driver with an average of around 120mph.

When it is your turn you get a fire mask and helmet - then strapped into the car. It is a unique feeling as you are mostly lying down in the car and strapped with the racing harness. Not much room at all - I am 6' 3" and very close to the top of the range of allowable heights due to the space constraints.

When the pace car comes around they push you off and you release the clutch and GO!!!!

What a rush - driving around the track that I have watched many a race on. I now have a totally different view of Indy Racing and even more of an appreciation for what the drivers go thru in a race.

You hit the banked turns and it just sucks the car down the track. Following the lead car, you try and hit the turns high - but that is harder than it seems because in the car it looks like you are driving right into the wall until the turn sucks you down.
The steering is very, very tight - only a little movement causes the car to turn. Definitely not like driving my VW....

They time the second of three laps to get your average speed. I did not do too badly - missed turn two low and drove mostly thru the middle of the turn losing some speed. Other than that I had my foot on the floor and drove!

Average Speed: 105 mph

I'll take that. The fastest driver in our group that day was 110 mph. I think I could have gotten close to that had I not missed the turn low.....

What a great experience. I recommend it for anyone that enjoys racing and driving.

Wednesday, October 1, 2008

ESXi Copy/Clone VM - Poor Man's Template and Clone

Ran into an issue today on an ESXi box.

We do not have VirtualCenter in a remote location and we wanted to add a new ESXi server. Do it as cheap as possible - no VC and thus no Templates.

1st problem - need to copy ISOs to the ESXi box to do the Windows installations.
No Problems - just log in to the local VI client of the server and use the datastore browser to upload files to the root of datastore1.

Now - use these ISOs to install Windows Server.
Patch Windows Server.

Problem 2 - Without VirtualCenter you do not have the ability to make a template of this server. Also on ESXi you cannot clone a server.
  1. In VI create a new directory in the datastore for your new server
  2. Copy the vmdk file from the Windows Server you created 1st into this new directory. Only copy the vmdk file - nothing else.
  3. Now you need to get a console on ESXi to do some of this work. But, no service console and no SSH. I found a posting on how to enable the 'Tech Support' mode on ESXi and that will open SSH.
WARNING - This is NOT SUPPORTED and introduces Security Issues, follow at your own risk.
From (http://www.yellow-bricks.com/2008/08/10/howto-esxi-and-ssh/)
  1. Go to the ESXi console and press alt+F1
  2. Type: unsupported
  3. Enter the root password
  4. At the prompt type “vi /etc/inetd.conf”
  5. Look for the line that starts with “#ssh” (you can search with pressing “/”)
  6. Remove the “#” (press the “x” if the cursor is on the character)
  7. Save “/etc/inetd.conf” by typing “:wq!”
  8. Restart the management service “/sbin/services.sh restart”

Now log in via Putty to get a console.

  1. Navigate to the new directory created above. (cd /vmfs/volumes/datastore1/xxx)
  2. rename the Server to the new name (mv 'Windows1.vmdk' 'Windows2.vmdk')
    Need to do this for both files - the vmdk and the *-flat.vmdk
  3. vi Windows2.vmdk
  4. find the line near the top that has the old filename listed
  5. change this filename to the new one and save/exit VI

Back to VMWare VI client

  1. Make a new VM on this server
  2. Choose 'Custom' and when you get to the 'Select a Disk' portion of creation you will browse the datastore and select this newly renamed vmdk file.

Now just start the new VM and go!

EDIT

You can use these same steps to clone a VM.
Just take the VM that you wish to clone and do the VMDK copy from above. Don't forget to edit the new vmdk file and then create a new VM - attach this copy of the vmdk and you have now cloned a VM in ESXi!

Sunday, September 21, 2008

ESXi home setup for Cheap

I was looking to build a cheap home system to run ESXi v3.5.

I was looking to build a system with a dual-core processor, 4GB of RAM and a 500GB drive. I was also wanting to have a very small case and a system with low electrical consumption.

AMD is selling the cheapest processors for dual-core systems and all of their processors in this range are 64bit compatible. They also have lower power draws than the Intels.
Drawback to the AMD system is that you have to add a NIC and SATA card as ESXi does not support the ones on the motherboard - unless you purchase a more expensive board. To save money I chose to purchase the cheaper motherboard and add the components as it was less expensive than the supported board with integrated components.

Here are the specifications I settled on:
ASUS M2N-MX SE PLUS - $46.99 (newegg)
AMDA64 X2 5000+ 2.6G - $59.50 (newegg)
2GX2KST KVR800D2K2/4GR RT - $68.49 (newegg)
NIC INTELPWLA8391GTBLK - $24.99 (newegg)
LITE-ONDH-16D3P-08 - $17.99 (newegg)
HD 500GHITC 7K 16M HDP725050GLA360 - $64.99 (newegg)
CASE APEVIA(ASP)X-QPACK-NW-BK/420 - $64.99 (newegg)
Adaptec Serial ATA RAID 1210SA - $19.99 (e-bay)

Total Price with Shipping: $409.39

SmartPhone replacement for Pager

Here is a great little program that will allow you to use your Windows Mobile SmartPhone as a replacement to a pager.

http://www.watchflag.com

It will "watch" for both e-mail and SMS messages - then it has rules based alerts that can be configured for both the subject and message body.

Sunday, September 7, 2008

ESX on Dell Optiplex 755

In my test environment I am going to use Dell Optiplex 755 machine(s) in place of our normal rack servers. This is for cost reasons as we lease Dell 755 computers and I can use a few of our spare units for this test lab.

  1. The NIC that is in the Optiplex desktops does NOT work with ESX/ESXi
    There are several options but the one that seems to be the best is the Intel Pro 1000 series. For this I needed the low profile option as our machines are the SFF model and only support low profile cards. (Intel Pro/1000 GT #PWLA8391GTLBL) $38
  2. I increased the internal drive to a Hitachi 500GB drive (Hitachi #P7K500) $72
  3. RAM is a huge factor for Virtualization so I added 4GB and can go to 8GB if necessary
    (Kingston 240 pin DDR2) $87

I did encounter a few bumps along the way:

  • Processor - you need to have a processor that can run 64bit. Initially my 755 shipped with a E4600 dual-core processor. I enabled VT in the BIOS but it would not run 64bit VMs. This is because all "E" series processors do not support 64bit - you need to have a "Q" series processor
    Here is a link from Intel that will allow a comparison of any processor and the options that each will support:
    http://compare.intel.com/PCC/intro.aspx
    select "Intel Desktop"
  • You can use the AMD processors if your box supports them as all of the new AMD processors support 64-bit

I opted to move to a quad-core processor as the costs have decreased:
Q6600 (Quad-Core 2.4GHz) $245

There are a few steps to be taken to get ESX/ESXi to install on a desktop machine. Here are the links that I got this information from:
http://www.vm-help.com/esx/esx3.5/Whiteboxes_SATA_Controllers_for_ESX_3.5_3i.htm
This link gives a good breakdown of what motherboards/machines ESX can run on

http://x220.minasi.com/forum/topic.asp?TOPIC_ID=27913
This link has the setup to get ESX/ESXi to install

Pre-install:
* Go into the Bios and change the SATA operation to "Legacy"
* Enable Virtualization and VT for Direct I/O
* Disable NIC, the NIC on the mobo will not work

VMWare ESX Test/Dev Setup

I am going to set up a VMWare test environment in order to do both development testing with VMWare and to be able to bring online a "copy" of our production environment.

This test lab will be composed of older servers that have been obsoleted as well as some powerful desktop units.

The goal of this is to be able to bring online VMs that are both 32bit and 64bit - restores from the vRangerPro backup and new VMs. Also, bring online different test iSCSI appliances for testing.

Lastly, in the environment be able to bring in a Backup-Exec v11 and v12 setup to test restorations of our backup to disk and tape situations.

Saturday, September 6, 2008

1st Post

Here I am - guess it is time to get with the technology and start my own blog.

Here is where I am going to post random thoughts about technology and anything else that crosses my mind.

Stay tuned - more to come!