Sunday, September 18, 2011

Checking Windows Password - Audit

Hi Guys,

If you are given a 1 machine with a lot of user ID, what are the probability that you can find any of them with blank password?I would like to share the script which have the detection.Please use this with a proper authorization from your department lead.It is a great way for audit, but mostly bad guys won't do it this way. By using this code you might find You can refer to my blogs for more information.

On Error Resume Next

Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

strPassword = ""

Set colAccounts = GetObject("WinNT://" & strComputer)
colAccounts.Filter = Array("user")

For Each objUser In colAccounts
objUser.ChangePassword strPassword, strPassword
If Err = 0 or Err = -2147023569 Then
Wscript.Echo objUser.Name & " is using a blank password."
End If
Err.Clear
Next

The script won't run if you have password policy for your servers.

No comments:

Post a Comment