Server Local Admin Password Audit
Written on November 24, 2011
A situation arose where I had to check all our Windows servers to see if any were using a particular local administrator password. I wrote the following script to allow me to test a dynamically generated set of credentials. It uses WMI because that allows specifying a particular set of credentials and is relatively lightweight in comparison to other tests.
# The ActiveDirectory module (RSAT) provides Get-ADComputer
Import-Module ActiveDirectory

# Generate a secure string with the password stored in it. Alternatively, prompt for it with Read-Host -AsSecureString
$pass = ConvertTo-SecureString -AsPlainText -Force -String "Pa55w0rdToTest"
# What username should be tested?
$username = "Administrator"
# Find every computer in AD running an operating system with "Server" in its name.
foreach ($server in $(Get-ADComputer -Filter {OperatingSystem -like "*Server*"})) {
    # Make sure the server can be contacted
    if (Test-Connection $server.Name -Quiet) {
        # Build a local administrator credential
        $credential = New-Object System.Management.Automation.PSCredential("$($server.Name)\$username",$pass)
        # Try to connect to the computer with the credential
        try {
            # -ErrorAction Stop makes non-terminating WMI errors (such as an unreachable RPC service) land in catch instead of being reported as Success
            $null = Get-WmiObject Win32_OperatingSystem -Credential $credential -ComputerName $server.Name -ErrorAction Stop
            Write-Host "$($server.Name) :: Success" -ForegroundColor Green -BackgroundColor Black
        } catch {
            # Fail covers a rejected credential as well as any other WMI connection error
            Write-Host "$($server.Name) :: Fail" -ForegroundColor Red -BackgroundColor Black
        }
    }
}