Jump to content
damadhatter

Script to create/reset "MSPAdmin" account

Recommended Posts

We have a requirement to have a standard local account across all of our clients which we will have administrator access. We will want to change this password on a frequent basis. I created this script to accomplish this task. I would love to figure out a way to have this pull the password set for an "MSPAdmin" account at the company level so it can be fully automated without having to enter the password when the script is ran but way beyond my knowledge :) Details below

 

This scripts checks for the existing account "MSPAdmin" if the account exists the password is reset to the parameter set when running the script. The script then configures the account to be part of the local admins, password to not expire and hides the account from the logon screen.

 

If the account does NOT exist it creates the account "MSPAdmin" and then goes through the steps of setting this account to be part of the local admins, password to not expire and hides the account from the logon screen.

Create or Reset MSP Admin Account.zip

Share this post


Link to post
Share on other sites

damadhatter,

 

Thoughts:

 

- Check for MPriest's plguin that added a GET and SET password scripting function.

- Use the script to generate a "MSPAdmin" password if it doesn't exist and store it in the Password tab of the Client

- Use the script to then create/update your user account on the computer.

 

I am in the process of doing this for our TeamViewer install/update script. Will pass along screenshots when I get to it.

 

In short, totally do-able with MP's script functions.

Share this post


Link to post
Share on other sites

I don't see in this script where the MSPAdmin account gets created. Line 12 says 'add user with password' but there isn't a command associated so no account gets created.

Share this post


Link to post
Share on other sites
damadhatter,

 

Thoughts:

 

- Check for MPriest's plguin that added a GET and SET password scripting function.

- Use the script to generate a "MSPAdmin" password if it doesn't exist and store it in the Password tab of the Client

- Use the script to then create/update your user account on the computer.

 

I am in the process of doing this for our TeamViewer install/update script. Will pass along screenshots when I get to it.

 

In short, totally do-able with MP's script functions.

 

Any update on these screenshots? :)

Share this post


Link to post
Share on other sites

I have been working on this script today.

 

I created a second Client script that will look to see if "MSP Local Admin" password entry exists for a client and is NOT = to "" (ie, not empty).

 

If it is not empty, it will exit. (I will create another script later to rotate the MSP Local Admin password.....)

 

If the password IS empty, it will then generate a random password and then (using MPriest's "Plugin Server Function" -> "MP - Client Password - Set Password by Title") set the new random password for the Client's MSP Local Admin account.

 

So.... the problem.... If the MSP Local Admin password entry does not exist, MPriest's plugin script step will not CREATE the password entry.

 

How do I resolve?

- Add an SQL line to create the entry if it doesn't exist.

- Have MPriest add a "Create Password by Title" plugin script step.

 

Once, I have this... I should be home free. I already have updated the script for Creating MSPAdmin / Resetting MSPAdmin Account.

Share this post


Link to post
Share on other sites

Ok... used the SQL tool in LT to see what SQL query was used to create a password entry...

 

Insert into Passwords (ClientID,LocationID,Title,UserName,URL,Password,Notes,Expiredate) Values(%clientid%,0,'MSP Local Admin','mspadmin','',AES_ENCRYPT('@MSPAdminPass@',SHA(' 2')),'',NULL); 0

 

now to wrap this all up.....

Share this post


Link to post
Share on other sites

Script 1: MSPAdmin - Create Client Level Password

 

Here is my script to:

1 - Create a password entry for a username of your choice, under the password title of your choice (both set under Globals and Parameters).

2 - Generates a random password (according to the complexity settings you set in line 13)

3 - Update the password for the password entry with the random password

 

MSPAdmin-Create Client Level Password.zip

Share this post


Link to post
Share on other sites

Script 2: MSPAdmin - Create Account or Reset Password

 

Here is my script to:

1 - Grabs a password entry for a username of your choice, under the password title of your choice (both set under Globals and Parameters) from the Client Passwords tab.

2 - Creates a user under the username you put into the script Globals/Parameters

 

It uses all the basics of damadhatters' script at the start of this thread.....

 

 

 

(Note, this may need some love. I'd like to make certain it will rotate passwords. I will give some attention to that later this week.)

 

ALSO, You MUST install the following plugin (free at the moment) or this script will bomb on step 4: http://www.labtechgeek.com/forum/viewtopic.php?f=4&t=485&p=2884#p2884

MSPAdmin - Create Account or Reset Password.zip

Share this post


Link to post
Share on other sites
Script 1: MSPAdmin - Create Client Level Password

 

Here is my script to:

1 - Create a password entry for a username of your choice, under the password title of your choice (both set under Globals and Parameters).

2 - Generates a random password (according to the complexity settings you set in line 13)

3 - Update the password for the password entry with the random password

 

[attachment=0]MSPAdmin-Create Client Level Password.zip[/attachment]

 

It appears your script trys to call a plugin function...? Where did you get this plugin? What is it? I've tried (without success) to find the plugin mentioned above that mpriest created.

Share this post


Link to post
Share on other sites
Script 1: MSPAdmin - Create Client Level Password

 

Here is my script to:

1 - Create a password entry for a username of your choice, under the password title of your choice (both set under Globals and Parameters).

2 - Generates a random password (according to the complexity settings you set in line 13)

3 - Update the password for the password entry with the random password

 

[attachment=0]MSPAdmin-Create Client Level Password.zip[/attachment]

 

It appears your script trys to call a plugin function...? Where did you get this plugin? What is it? I've tried (without success) to find the plugin mentioned above that mpriest created.

It's at the end of the following post.

Share this post


Link to post
Share on other sites

Trying to get this working but it seems to fail on setting the random password for the client password entry. It creates the password title and username fine and gives it a password of "blankpassword" but won't change that password, even on subsequent runs of the script. Can anyone point out to me where client level scripts log to so I can see where it's falling over?

 

Thanks,

 

Steve

Share this post


Link to post
Share on other sites

This is great; however it shows the new password in plain text within Command History. Has anyone found a way to hide this or know of a way? (I am using the script from the first post without the plug in needed).

Share this post


Link to post
Share on other sites
This scripts checks for the existing account "MSPAdmin" if the account exists the password is reset to the parameter set when running the script. The script then configures the account to be part of the local admins, password to not expire and hides the account from the logon screen.

This is really useful. thanks for this

Edited by Guest

Share this post


Link to post
Share on other sites
Trying to get this working but it seems to fail on setting the random password for the client password entry. It creates the password title and username fine and gives it a password of "blankpassword" but won't change that password, even on subsequent runs of the script. Can anyone point out to me where client level scripts log to so I can see where it's falling over?

 

Thanks,

 

Steve

 

 

We are running into the same problem. Were you able to get this fixed?

 

Thanks,

Jon

Share this post


Link to post
Share on other sites

All-

Trying to bring this back from the dead...

Michael Priest's plug in "Script Function Enhancements" is no longer available.  I assume it does not work on  Automate 2019.

Has anyone messed with making a replacement for that part?  

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...