Change administrator name

[chrno2004]

- Changes Admin/Guest name

- Deletes ASP,Support,Help users

- Disable Guest

I use this vbs for our network installations

Just edit the the CAPS section

On Error Resume Next

strComputer = "."
strCompPass = "SETYOURPASSWORDHERE"
strRemoveHA = "HelpAssistant"
strRemoveSup = "SUPPORT_388945a0"
strRemoveAdmin = "Administrator"
strRemoveASPNet = "ASPNET"

Set WshShell = WScript.CreateObject("WScript.Shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & "." & "\root\default:StdRegProv")

strComputer = WshNetwork.ComputerName

'Renaming Administrator account
Set oMachine = GetObject("WinNT://" & strComputer)
Set oInfoUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
set oUser = oMachine.MoveHere(oInfoUser.ADsPath,"NEWADMINNAME")

'Reseting Administrator Password
Set objUser = GetObject("WinNT://" & strComputer & "/NEWADMINNAME, user")
objUser.SetPassword "SETYOURPASSWORDHERE"
objUser.SetInfo

'Renaming Guest
Set oMachine = GetObject("WinNT://" & strComputer)
Set oInfoUser = GetObject("WinNT://" & strComputer & "/Guest,user")
set oUser = oMachine.MoveHere(oInfoUser.ADsPath, "NoGuest")

'Reseting Guest Password
Set objUser = GetObject("WinNT://" & strComputer & "/NoAccess, user")
objUser.SetPassword "SETYOURPASSWORDHERE"
objUser.SetInfo

'Disabling Guest Account
Set objUser = GetObject("WinNT://" & strComputer & "/NoAccess")
objUser.AccountDisabled = True
objUser.SetInfo

'Deleting Help Assistant Account, Support Account, ASPNET Account
Set objComputer = GetObject("WinNT://" & strComputer & "")
objComputer.Delete "user", strRemoveHA
objComputer.Delete "user", strRemoveSup
objComputer.Delete "user", strRemoveASPNet

[Guest a1ehouse]

Nice script chrno2004. I have tweaked it slightly for ease of use, plus I think there was something wrong with the guest part:

should "/NoAccess" be "/NoGuest"?

On Error Resume Next

strComputer = "."
strCompPass = "SETYOURPASSWORDHERE"
strNewAdminName = "SETYOURNEWADMINNAME"
strNewGuestName = "SETYOURNEWGUESTNAME"
strRemoveHA = "HelpAssistant"
strRemoveSup = "SUPPORT_388945a0"
strRemoveAdmin = "Administrator"
strRemoveASPNet = "ASPNET"

Set WshShell = WScript.CreateObject("WScript.Shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & "." & "\root\default:StdRegProv")

strComputer = WshNetwork.ComputerName

'Renaming Administrator account
Set oMachine = GetObject("WinNT://" & strComputer)
Set oInfoUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
set oUser = oMachine.MoveHere(oInfoUser.ADsPath, strNewAdminName)

'Reseting Administrator Password
Set objUser = GetObject("WinNT://" & strComputer & "/" & strNewAdminName & ", user")
objUser.SetPassword strCompPass
objUser.SetInfo

'Renaming Guest
Set oMachine = GetObject("WinNT://" & strComputer)
Set oInfoUser = GetObject("WinNT://" & strComputer & "/Guest,user")
set oUser = oMachine.MoveHere(oInfoUser.ADsPath, strNewGuestName)

'Reseting Guest Password
Set objUser = GetObject("WinNT://" & strComputer & "/" & strNewGuestName & ", user")
objUser.SetPassword strCompPass
objUser.SetInfo

'Disabling Guest Account
Set objUser = GetObject("WinNT://" & strComputer & "/" & strNewGuestName)
objUser.AccountDisabled = True
objUser.SetInfo

'Deleting Help Assistant Account, Support Account, ASPNET Account
Set objComputer = GetObject("WinNT://" & strComputer & "")
objComputer.Delete "user", strRemoveHA
objComputer.Delete "user", strRemoveSup
objComputer.Delete "user", strRemoveASPNet

[UnderTheGun]

Nice script. Do you know how to turn the "password never expires" off? That is, so the option is deselected in user manager? Any help would really be appreciated. Thanks.

My company wants us to turn it off. Here's their reasoning:

Password Expiration.

Severity: Important (Cat II)

Status : Open

PDI ID : 1745

Finding Details

HelpAssistant password does not expire.

SUPPORT_388945a0 password does not expire.

xadministrator password does not expire.

xguest password does not expire.

Vulnerability Discussion

Category II - Allowing individual users to have passwords that never expire, gives the ability of unauthorized system users to crack passwords and gain access to a system. Scheduled changing of passwords will hinder this ability.

Manual Fix Procedures

Ensure that individual users are not setup with the option password never expires.

References and Additional Resources

FSO Checklist: 5.07.1.2

NSA NT Guide: Chap. 5, p. 30; NSA WIN2K Guide, Group Policy: Security

Configuration Toolset: Chap. 3, p. 22; DODD 8500.1 Para 4.18; DODI 8500.2 DCCS-2,

DCSC-1; CJCSM 6510.01 App. A, Enclosure A, Para. 5.b (8)

[Yzöwl]

I know it sounds a little lame, but every link I have found for RENUSER.EXE is not available.

Could someone please find a working link or upload it, thanks.

[Fireplay5]

Is there a way to upload files here? I went ahead and put the file for you on my site which you can get it here! I can not say how long I will leave it there so if there is a more permanent solution then please let me know and I will upload it somewhere else. Good luck.

[Yzöwl]

missed your reply, sorry.

But I've just got it now, thanks.

[yaroz]

I use a program called BuiltIn.exe (I got it from a co-worker that was using it in a kix script). Then, it's just one line, put into a .cmd file..

START "" /WAIT "builtin.exe" /newname:LocalAdmin

[MyDomain]

Well i used RunOnceEx, to run my RenName.cmd...

Which contains the following:

cmdow @ /HID
@echo off

echo Renaming Administrator Account
renuser "Administrator" "My new name"

EXIT

It does rename the Administrator account, but when it is all done and it's waiting to enter it's password (i have classic login) it still say Administrator. I tryed to log in with My new name, works fine. But in Documents and settings there is a folder named Administrator, wich is the folder containing the info for My new name.

I want that to be renamed as well, just as nLite does, but i don't wanna use nLite.

With nLite it also fills in the new name automaticly.

Hope anyone can help me.

Thanks in advance

[Yzöwl]

renuser.exe works fine at cmdlines.txt, just add the usual details in your winnt.sif then add the following under [Commands], in your cmdlines.txt e.g.

"renuser.exe Administrator root"

where root is the new name chosen

For this to work you just need to put renuser.exe into your $OEM$ directory along side the cmdlines.txt

The other benefit of using renuser.exe at this stage is that the Profile directory name will be e.g. root as opposed to still using one called Administrator

[MyDomain]

oke thanks, i'll try that!

But the usual stuff, you mean you normal unattended awsners?

Thanks!

[rikgale]

Thanx Yzöwl. I know that there is a way to change this in nlite, but this is a useful way to change it without having re-nlite everytime I re-install on a different machine. Just change the cmdline.txt and burn. Cheers!

[Yzöwl]

oke thanks, i'll try that!

But the usual stuff, you mean you normal unattended awsners? 

I specifically meant AdminPassword if you use one, AutoLogonCount, I'm not sure about, it may not work due to the name change.

[rikgale]

The autologon part doesn't seem to work with the name change. I've just tried it. Had to change the logon name mannually and then it logged in as normal and installed everything.

Anyone any idea of how to get round this?

[MyDomain]

@Yzöwl or anyone else who knows

Well i tryed it, but it didn't work.

i added the following in my cmdlines.txt

[COMMANDS]
"REGEDIT /S tweaks.reg"
"Cleanup.cmd"
"renuser.exe "Administrator" "First Second""

I use a space in my name... maybe that is the reason why?

If so, what is the proper syntax?

Because renaming it without the quates around my name with the space it doesn't rename. I tested this when windows was running.

Thanks in advance

[rikgale]

You may also wish to watch out for the small issue that I have encountered. If you rename the Administrator account and have a cleanup.cmd that deteles short cuts and other such items from your start menu and some of these are Administrator specfic i.e.

DEL "%systemdrive%\Documents and Settings\Administrator\Start Menu\Remote Assistance.lnk"

Then you will have to change the Administrator part to the new name of your admin account. This is only likely to be a problem if you are going to install this on many differenet computers with different Administraor names.