RSA enVision Service Account Password Changer powershell

Discussion created by securitysavy on Feb 6, 2012
Latest reply on Aug 27, 2012 by RSA Admin

This powershell script was sourced from a RSA Professional Services team member who allowed me to post it here.  If you want the original version I can provide it but its not much different.


This password does a nice job of changing all the service account passwords in a single enVision site.  You could run it simultaneously on multiple sites if you need to keep them all in sync (4.0 sp4 patch 5+).


I added in some tweaks from the default.  You are welcome to make changes to the script, especially if you want to enhance it with error handling , etc.



Version 1.2 (2/6/2012)


 Tested with enVision 4.0 SP4 (patch 4)

    This script will:

    -Reset AD passwords for master, nic_system, nic_sshd, nic_sftp

    -Reset Local passwords for master, nic_system, nic_sshd, nic_sftp

    -Reset CIFS passwords for master, nic_system, nic_sshd, nic_sftp (Account running this script must be in Administrator group on CIFS server)

    -Reset passwords for the NIC Service's running on each Windows server

    -Restart Services for ES and LS's (For EA platform, services must be manually restarted)

    -Cache new passwords for WinSSHD



    1. This script must be run on DS1 in a LS configuration.

    2. This script must be run as an account that is configured as an administrator (and Domain Admin) on all systems, including the NAS.  This normally means the Administrator account (which is pre-created on the NAS).  Contact support to obtain the password for this account on the NAS if you do not know it.  This is the only administrator on the NAS by default I believe.  I have manually created an administrator account on all servers and given it admin rights and the same password (like the other accounts require).

    3. This script requires Powershell and .Net Framework 3.5 to be installed on the enVision D server.

    4. The WinSSHD functionality may not work with this script.  You are welcome to tweak the code as you need.

    5. This script requires that the accounts not be moved from their original Active Directory location (container).  It is used explicitly.