Local Admin Password Problem
Here are a few methods for changing the local administrator password on all computers in your domain.
Is there a way to change the local admin password using encryption and group policies? I have found ways to use tools like Hyena but not something that I can get to PCs that could possibly be turned off.
Tech Help—Just An
Got a Windows, Exchange or virtualization question
or need troubleshooting help? Or maybe you want a better
explanation than provided in the manuals? Describe
your dilemma in an e-mail to the MCPmag.com editors
at mailto:[email protected];
the best questions get answered in this column and garner
the questioner with a nifty MCPmag.com baseball-style
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message, but submit the requested
information for verification purposes.)
Gordon, there are a few methods out there for doing exactly what you're looking for. One popular method is documented in the TechNet article, "Windows 2000 Computer Startup Scripts." I have heard of other administrators running a simple Net User command, such as net user administrator pass123456, which would set the local administrator password to pass123456. For security reasons, this, of course, is never recommended.
Many administrators fear using passwords in scripts like I fear a weekend at the in-laws. So while the TechNet article I referenced earlier should answer your question, here’s another alternative.
SysInternals offers a free too called PsPasswd, which allows you to remotely reset passwords on a range of computers on your network. The tool will also report successes and failures of changed passwords, and allows you to run a single command against a list of computers. Since the password is just included within the syntax of a command that you run, it will never be stored as plain text in a batch or script file.
To use PsPasswd, you'll first need a list of all computers in your domain. To enumerate all computer objects in a domain, you could run this script:
LogFile = "C:\computers.txt"
Const ForWriting = 2
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from 'LDAP://DC=mcpmag,DC=com' " _
& "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
Set objFSO =
Set objFile = objFSO.CreateTextFile(LogFile, ForWriting)
Do Until objRecordSet.EOF
Note that the script will output to a file named "computers.txt" on the C drive. This could be changed by editing the LogFile variable assignment in the first line of the script. Note that in your environment, you will also need to change the domain referenced in line 12. In my example, I use mcpmag.com (DC=mcpmag,DC=com).
Once you have a list of all computers, you can then run pspasswd.exe to change the local administrator password on all systems in the list. Here’s the syntax that I used on my test network:
pspasswd.exe @c:\computers.txt administrator [email protected]!
Following the @ symbol in the command syntax is the path to the file containing all computer names. The next part of the syntax is the name of the account whose password will be changed, followed by the new password ([email protected]!).
Now here is the output that was generated from the command:
PsPasswd v1.21 - Local and remote password changer
Copyright (C) 2003-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
Error changing password:
The network path was not found.
Password for BSODME\administrator successfully changed.
Since the output will list both success and failures, you will be able to note the systems in which the password was not successfully changed. In my case, the system named PC1 was not located. So I would have to ensure that PC1 was online and then run the command a second time. (Note that PsPasswd can also be run against a single computer.) Since the command relies on UNC paths to connect to systems, you will need to ensure that the target systems have File and Print Sharing enabled and that File and Print Sharing is not being blocked by the system’s firewall. By default, the Windows XP Pro SP2 firewall does not allow File and Print sharing. However, this can be quickly changed via Group Policy.
As you can see, with a simple list of computers on your network, remotely changing the local administrator password using PsPasswd is a relatively painless process.