1 of 1 people found this helpful
If it’s the built-in admin, the sid should be the same across all boxes right?
So look for the mapping of the sid to user name and then run your passwd change against that.
not sure if I got your point Bill...
The SID's are only same for the last part ("-500"). The rest looks like random.
And yes we are talking about the built-in admin.
Caveat: I'm a Linux guy. But last year, I worked to update our corporate Linux/Windows password rotation policy. I worked extremely closely with a Windows/C# developer.
Here's the approach:
Look up the SIDs, find any that end in -500. Look up associated login name. And change password of this login name.
I'm looking at the C# windows code that does this. It opens the local "/Administrators" group and goes through each SID of this group. (Which be just a few members, else you've got bigger problems!)
For each SID in this group, it looks to see if the SID ends in -500.
This is a good check, as there's a small random chance that a regular user's SID may end in -500. (I think -- a Windows person may confirm.)
Thanks for your post. That was also my idea on how to solve this issue.
I don't really like the approach because it kind of "dirty", but if there is no other way... :-)
Now I need to work out how I build this "procedure" in my BLPackage.