não é possível definir a senha do administrador local usando o GP

3

Estou atualizando nosso script de administração local, que não inclui o servidor 2008 r2.

Como o 2008 e o Windows 7 têm a mesma versão do Microsoft Windows [versão 6.1.7601], não posso fazer uma pesquisa de versão.

Eu tentei essa opção

systeminfo |findstr /B /C:"OS Name"|find "2008"
if not ERRORLEVEL 1 goto W2008

OR

wmic OS get Caption|find "2008"
if not ERRORLEVEL 1 goto W2008

Mas ambas as opções falham. o script é executado a partir do GP e é aplicado ao computador

@echo off
setlocal
:: Set full path to logfile:
set logfile=C:\temp\pwd.log
:: Initialise logfile:
date /T >%logfile%
echo Starting pwd.log on %computername% >>%logfile%
:: ##############################################################
:: Set the required passwords here:
set ntw2kadmin=ntwpass
set xpvistaadmin=xppass
set w2k3admin=2003pass
set w2k8admin=P2008pass
:: ##############################################################
:: Exceptions:
if /I "%COMPUTERNAME%"=="PC1" goto SKIP
if /I "%COMPUTERNAME%"=="PC2" goto SKIP
if /I "%COMPUTERNAME%"=="PC3" goto SKIP
:: Set password based on OS version: 
ver|find "4.0" >nul
if not ERRORLEVEL 1 goto NTW2K
ver|find "5.0" >nul
if not ERRORLEVEL 1 goto NTW2K
ver|find "5.1" >nul
if not ERRORLEVEL 1 goto XPVISTA
ver|find "5.2" >nul
if not ERRORLEVEL 1 goto 2K3
ver|find "6.0" >nul|
if not ERRORLEVEL 1 goto XPVISTA
wmic OS get Caption|find "2008"
if not ERRORLEVEL 1 goto W2008

:: Catch any unusual circumstances:
goto XPVISTA
:NTW2K
echo Setting local administrator password for this NT4 or Windows 2000 machine >>%logfile%
net user Administrator %ntw2kadmin% 2>&1 >>%logfile%
goto EOF
:XPVISTA
echo Setting local administrator password for this XP or Vista or Win 7 machine >>%logfile%
net user Administrator %xpvistaadmin% 2>&1 >>%logfile%
goto EOF
:2K3
echo Setting local administrator password for this Windows 2003 Server >>%logfile%
net user Administrator %w2k3admin% 2>&1 >>%logfile%
goto EOF
:W2008
echo Setting local administrator password for this Windows 2008 r2 Server >>%logfile%
net user Administrator %w2k8admin% 2>&1 >>%logfile%
goto EOF
:SKIP
echo Not setting local administrator password for %COMPUTERNAME% >>%logfile%
goto EOF
:EOF
echo setlapwd.bat: exiting >>%logfile%
:: Remove user permissions from the logfile's ACL:
cacls %logfile% /E /R BUILTIN\Users
:: End our local scope:
endlocal

ATUALIZAÇÃO: Script é aplicado ao Windows 2000, Windows XP, Windows 7, Windows Server 2003, mas não ao Windows 2008 r2

    
por james 22.05.2013 / 15:56

2 respostas

0

Isso funcionou perfeitamente para mim:

wmic OS get Caption|find "2008"
if not ERRORLEVEL 1 goto W2008

Meu palpite seria o erro em outro lugar neste script. Um pouco mais de solução de problemas pode estar em ordem.

O roteiro inteiro parece uma bagunça. Eu pressionaria por um script do PowerShell como substituto e talvez usasse filtros WMI apropriados. Ou melhor ainda, ative o seguinte GPO:

Computer Configuration, Windows Settings, Security Options, Account: Administrator account status, Disabled

Perfis de administrador local não são uma boa ideia em primeiro lugar.

    
por 23.05.2013 / 01:01
0

Aqui está a resposta. Eu usei o DSquery para pesquisar o nosso anúncio, se o seu servidor ou, em seguida, processar como servidor mais processo como área de trabalho.

@echo off
:: Limit scope:
setlocal
:: Set full path to logfile:
set logfile=C:\tmp\passlog.log
:: Initialise logfile:
date /T >%logfile%
echo Starting passlog.bat on %computername% >>%logfile%
:: ##############################################################
:: Set the required passwords here:
::windows 2003 password
set w2k3admin=pass1
::windows 2008 password
set w2k8admin=Pass1
::windows xp, vista, 7 and 8 password
set desktopadmin=pcpass
:: ##############################################################
:: We need a copy of dsquery.exe on the local machine:
echo check dsquery file... >>%logfile%
if not exist %windir%\system32\dsquery.exe copy "\shared\location\scripts\dsquery.exe" %windir%\system32\dsquery.exe
echo dsquery filed checked... >>%logfile%
:: Are we ignoreOU?
call dsquery computer -name %computername% | findstr /i "OU=ignoreOU"
if not ERRORLEVEL 1 goto ignoreOU
:: Are we a server?
call dsquery computer -name %computername% | findstr /i "OU=Servers"
if not ERRORLEVEL 1 goto server
:: Are we a DC?
call dsquery computer -name %computername% | findstr /i /C:"OU=Domain Controllers"
if not ERRORLEVEL 1 set goto server
::
goto desktop
:server
    ver|find "6.1" >nul
        if not ERRORLEVEL 1 goto 2k8
    ver|find "5.2" >nul
        if not ERRORLEVEL 1 goto 2k3
:2k8
    echo Setting local administrator password for windows server 2008... >>%logfile%
    net user Administrator %w2k8admin% 2>&1 >>%logfile%
    goto EOF
:2k3
    echo Setting local administrator password for windows server 2003... >>%logfile%
    net user Administrator %w2k3admin% 2>&1 >>%logfile%
    goto eof
:desktop
    echo Setting local administrator password for desktop/laptop... >>%logfile%
    net user Administrator %desktopadmin% 2>&1 >>%logfile%
    goto eof
:ignoreOU
    echo Not setting local administrator password for this ignoreOU server... >>%logfile%
    goto eof
:eof
echo passlog.bat: exiting >>%logfile%
:: Remove user permissions from the logfile's ACL:
cacls %logfile% /E /R BUILTIN\Users
:: End our local scope:
endlocal
    
por 23.05.2013 / 14:59