Tech Line

Local Admin Password Problem

Here are a few methods for changing the local administrator password on all computers in your domain.

Chris: Is there a way to change the local admin password using encryption and group policies? I have found ways to use tools like Hyena but not something that I can get to PCs that could possibly be turned off.
— Gordon

Tech Help—Just An
E-Mail Away

Got a Windows, Exchange or virtualization question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to the editors at mailto:[email protected]; the best questions get answered in this column and garner the questioner with a nifty baseball-style cap.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message, but submit the requested information for verification purposes.)

Gordon, there are a few methods out there for doing exactly what you're looking for. One popular method is documented in the TechNet article, "Windows 2000 Computer Startup Scripts." I have heard of other administrators running a simple Net User command, such as net user administrator pass123456, which would set the local administrator password to pass123456. For security reasons, this, of course, is never recommended.

Many administrators fear using passwords in scripts like I fear a weekend at the in-laws. So while the TechNet article I referenced earlier should answer your question, here’s another alternative.

SysInternals offers a free too called PsPasswd, which allows you to remotely reset passwords on a range of computers on your network. The tool will also report successes and failures of changed passwords, and allows you to run a single command against a list of computers. Since the password is just included within the syntax of a command that you run, it will never be stored as plain text in a batch or script file.

To use PsPasswd, you'll first need a list of all computers in your domain. To enumerate all computer objects in a domain, you could run this script:

LogFile = "C:\computers.txt"
Const ForWriting = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
   "Select Name, Location from 'LDAP://DC=mcpmag,DC=com' " _
   & "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute

Set objFSO =
Set objFile = objFSO.CreateTextFile(LogFile, ForWriting)

Do Until objRecordSet.EOF
   objFile.WriteLine objRecordSet.Fields("Name").Value

Note that the script will output to a file named "computers.txt" on the C drive. This could be changed by editing the LogFile variable assignment in the first line of the script. Note that in your environment, you will also need to change the domain referenced in line 12. In my example, I use (DC=mcpmag,DC=com).

Once you have a list of all computers, you can then run pspasswd.exe to change the local administrator password on all systems in the list. Here’s the syntax that I used on my test network:

pspasswd.exe @c:\computers.txt administrator [email protected]!

Following the @ symbol in the command syntax is the path to the file containing all computer names. The next part of the syntax is the name of the account whose password will be changed, followed by the new password ([email protected]!).

Now here is the output that was generated from the command:

PsPasswd v1.21 - Local and remote password changer
Copyright (C) 2003-2004 Mark Russinovich
Sysinternals -

Error changing password:
The network path was not found.

Password for BSODME\administrator successfully changed.

Since the output will list both success and failures, you will be able to note the systems in which the password was not successfully changed. In my case, the system named PC1 was not located. So I would have to ensure that PC1 was online and then run the command a second time. (Note that PsPasswd can also be run against a single computer.) Since the command relies on UNC paths to connect to systems, you will need to ensure that the target systems have File and Print Sharing enabled and that File and Print Sharing is not being blocked by the system’s firewall. By default, the Windows XP Pro SP2 firewall does not allow File and Print sharing. However, this can be quickly changed via Group Policy.

As you can see, with a simple list of computers on your network, remotely changing the local administrator password using PsPasswd is a relatively painless process.

About the Author

Chris Wolf is a Microsoft MVP for Windows --Virtual Machine and is a MCSE, MCT, and CCNA. He's a Senior Analyst for Burton Group who specializes in the areas of virtualization solutions, high availability, storage and enterprise management. Chris is the author of Virtualization: From the Desktop to the Enterprise (Apress), Troubleshooting Microsoft Technologies (Addison Wesley), and a contributor to the Windows Server 2003 Deployment Kit (Microsoft Press).learningstore-20/">Troubleshooting Microsoft Technologies (Addison Wesley) and a contributor to the Windows Server 2003 Deployment Kit (Microsoft Press).

comments powered by Disqus
Most   Popular