PowerCLI

Need script to change admin password for all VMs(windows)

One way of doing this is with the Invoke-VMScript cmdlet.

I assume that you have all the VMs where you need to change the administrator password in the variable $vms.

I also assume that your account has admin authority on all the guest OS.

Then you could do something like this

$script = @"
$localadministrator=[adsi]("WinNT://./administrator, user")
$localadministrator.psbase.invoke("SetPassword", "your-new-password")
"@

foreach($vm in $vms){
    Invoke-VMScript -ScriptText $script -VM $vm
}

Hi LucD,

Need your help on changing the root password for Linux VM.

It throws the following error when i run on Linux VM

Thanks

Suresh

Did you use an account on the GuestUser/GuestPassword parameters, that has the required permissions inside the guest OS ?

The error message seems to indicate you didn't.

Yes, I did use GuestUser GuestPassword parameters in the script.

It works for non-root accounts.

script text

echo 'newpassword' | passwd --stdin root

I'm not sure which Linux distribution you are using, but can you have a look at /var/adm/messages

It might contain a pointer to the cause of the problem.

I am using redhat 6.

as suggested, I will check /var/logmessages  to get some clue on the issue and get back to you

Hi,

This is what i see under /var/log/secure

Oct  7 14:39:51 nocrhevm01 vmtoolsd: PAM unable to dlopen(/lib64/security/pam_unix2.so): /lib64/security/pam_unix2.so: cannot open shared object file: No such file or directory

Oct  7 14:39:51 nocrhevm01 vmtoolsd: PAM adding faulty module: /lib64/security/pam_unix2.so

Oct  7 14:39:51 nocrhevm01 vmtoolsd: PAM unable to dlopen(/lib64/security/pam_unix2.so): /lib64/security/pam_unix2.so: cannot open shared object file: No such file or directory

Oct  7 14:39:51 nocrhevm01 vmtoolsd: PAM adding faulty module: /lib64/security/pam_unix2.so

Oct  7 14:39:51 nocrhevm01 passwd: pam_unix(passwd:chauthtok): password changed for root

Oct  7 14:39:51 nocrhevm01 vmtoolsd: PAM unable to dlopen(/lib64/security/pam_unix2.so): /lib64/security/pam_unix2.so: cannot open shared object file: No such file or directory

Oct  7 14:39:51 nocrhevm01 vmtoolsd: PAM adding faulty module: /lib64/security/pam_unix2.so

Oct  7 14:39:51 nocrhevm01 vmtoolsd: pam_unix(vmtoolsd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root

Oct  7 14:39:53 nocrhevm01 vmtoolsd: PAM 1 more authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root

Oct  7 14:39:53 nocrhevm01 vmtoolsd: PAM unable to dlopen(/lib64/security/pam_unix2.so): /lib64/security/pam_unix2.so: cannot open shared object file: No such file or directory

Oct  7 14:39:53 nocrhevm01 vmtoolsd: PAM adding faulty module: /lib64/security/pam_unix2.so

Oct  7 14:39:53 nocrhevm01 vmtoolsd: pam_unix(vmtoolsd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root

Oct  7 14:39:56 nocrhevm01 vmtoolsd: PAM 1 more authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root

and below is my script

Function Update-WindowsVM{

param($virtualmachine)

$vm = Get-VM NOCRHEVM01

$os = (Get-VM $vm | Get-View).Summary.Config.GuestFullName

$toolsStatus = (Get-VM $vm | Get-View).Guest.ToolsStatus

if($vm.powerstate -eq "PoweredOn"){

    if($toolsStatus -eq "toolsOk"){

        # Determining Windows

        if($os -match 'Windows'){

            Write-Host "Windows guest found" -fore Green

            $update = "ipconfig"

        }

        elseif($os -match 'Linux'){

            Write-Host "Linux guest found" -fore Blue

            $update = "echo 'Password123' | passwd root --stdin"

        }   

        else{Write-Host "could not identify guest OS" -fore Red}

        # Update command

        Write-Host "Running $update command" -fore Yellow

        Invoke-VMScript -VM $vm -ScriptText $update -GuestUser root -GuestPassword oldpassword123 -scripttype bash

        }

        else{Write-Host $vm "VMware Tools are out off date or not running" -fore Red }

    }

else{Write-Host $vm "is not running" -fore Red }

}

Update-WindowsVM

The log seems to say that the password was changed. Was it ?

Hello.I don't know why but when i try to Invoke-VMScript the previous script(in order to change a windows machine admin password) i get

http://pastebin.com/VjswqtXx

Any ideas why?

Thanks!

Is that VM joined to an Active Directory domain ?

No it isn't.But the fact is that if i open powershell in the vm and run the powershell it works correctly...

Anyway i have found another way to change the password but it would be nice to know why...

Thanks!

PS:Actually i need this method because the other method that i have found didn't work.

I finally managed to run it like this

$script = '$admin = [adsi]("WinNT://./administrator, user");$admin.psbase.invoke("SetPassword", "lala");'

Invoke-VMScript -ScriptText $script -VM "cs1 - 123456 (tas.gdfg.com)" -guestuser administrator -guestpassword "foo"

My final and only question is "can i somehow disable the password policy?" so i can enter "123" as a valid password.

Thanks!

Start gpedit.msc, then go to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.

In there you change the password requirements

I was thinking programmatically but it's ok.My work is done.Thanks :smileyhappy:

or use the following script:

Get-Content servers.txt | Foreach-Object{

     $Server = $_

     try {

         $admin = [adsi]"WinNT://$_/Administrator,user"

         $admin.Invoke('SetPassword','N3WP@ssw0rd')

         $admin.SetInfo()

         Write-Host "Admin password successfully reset on $server"

     }

     catch {

         Write-Error "Error: cannot reset admin password on $server"

     }

}

hope that helps.