|
Posted by Simo Sentissi on June 6, 2005, 1:28 pm
Please log in for more thread options
Hello there
I was wondering how I can remotly change the local admin password for a set
of workstations that belong to our AD.
I have no SMS setup yet, but I remember somebody talking about a script ?
is there any scripts outhere or maybe a utility ?
thanks
|
|
Posted by Steven L Umbach on June 6, 2005, 3:36 pm
Please log in for more thread options
You could use a Group Policy "startup" script using the net user [net user
administrator newpassword] command if you want to change the administrator
password to be the same for a number of computers grouped by Organizational
Unit. Users do not need read access to startup scripts in the sysvol share
but the domain computers group does. There is also a tool from SysInternals
called PsPasswd that can use a text file with the fully qualified names of
the domain computers. The Resource Kit has a tool called cusrmgr that can be
used in a batch file to change local administrator passwords and easily do
it in a way to give each computer a different password. The links below may
help. --- Steve
http://www.sysinternals.com/Utilities/PsPasswd.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;272530
> Hello there
>
> I was wondering how I can remotly change the local admin password for a
> set of workstations that belong to our AD.
> I have no SMS setup yet, but I remember somebody talking about a script ?
> is there any scripts outhere or maybe a utility ?
>
> thanks
>
|
|
Posted by Doug Sherman [MVP] on June 6, 2005, 4:20 pm
Please log in for more thread options For local machine accounts you can use the net user command:
http://support.microsoft.com/default.aspx?scid=kb;en-us;149427
http://support.microsoft.com/default.aspx?scid=kb;en-us;251394
Doug Sherman
MCSE, MCSA, MCP+I, MVP
> Hello there
>
> I was wondering how I can remotly change the local admin password for a
set
> of workstations that belong to our AD.
> I have no SMS setup yet, but I remember somebody talking about a script ?
> is there any scripts outhere or maybe a utility ?
>
> thanks
>
>
|
|
Posted by Karl Levinson, mvp on June 7, 2005, 7:56 am
Please log in for more thread options Besides the other answers, I've used the CUSRMGR utility that is part of the
Windows Resource Kits. The resource kits are not free, but MS has released
some of the reskit utilities for free on their web site. With cusrmgr.exe,
be very careful about the CASE of the letters in the command line switches.
They are case sensitive, and you can lock yourself out of every machine on
the network if something goes wrong. Test the script on a few systems at a
time to confirm the local password has changed to what you think it should
be.
> Hello there
>
> I was wondering how I can remotly change the local admin password for a
set
> of workstations that belong to our AD.
> I have no SMS setup yet, but I remember somebody talking about a script ?
> is there any scripts outhere or maybe a utility ?
>
> thanks
>
>
|
|
Posted by Torgeir Bakken \(MVP\) on June 7, 2005, 12:11 pm
Please log in for more thread options Simo Sentissi wrote:
> Hello there
>
> I was wondering how I can remotly change the local admin password for a set
> of workstations that belong to our AD.
> I have no SMS setup yet, but I remember somebody talking about a script ?
> is there any scripts outhere or maybe a utility ?
Hi,
You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.
To avoid users being able to read the script where the password is
stored, grant read access only for the AD group "Domain Computers"
to the script file.
Here is a VBScript that does the job (it will find the builtin
administrator account regardless of it's name):
'--------------------8<----------------------
sNewPassword = "testpassword"
Set oWshNet = CreateObject("WScript.Network")
sComputer = oWshNet.ComputerName
sAdminName = GetAdministratorName
On Error Resume Next
Set oUser = GetObject("WinNT://" & sComputer & "/" & sAdminName & ",user")
oUser.SetPassword sNewPassword
oUser.SetInfo
On Error Goto 0
Function GetAdministratorName()
Dim sUserSID, oWshNetwork, oUserAccount
Set oWshNetwork = CreateObject("WScript.Network")
Set oUserAccounts = GetObject( _
"winmgmts://" & oWshNetwork.ComputerName & "/root/cimv2") _
.ExecQuery("Select Name, SID from Win32_UserAccount" _
& " WHERE Domain = '" & oWshNetwork.ComputerName & "'")
On Error Resume Next
For Each oUserAccount In oUserAccounts
If Left(oUserAccount.SID, 9) = "S-1-5-21-" And _
Right(oUserAccount.SID, 4) = "-500" Then
GetAdministratorName = oUserAccount.Name
Exit For
End if
Next
End Function
'--------------------8<----------------------
WSH 5.6 documentation (local help file) can be downloaded from here
if you haven't got it already:
http://msdn.microsoft.com/downloads/list/webdev.asp
--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
|
| Similar Threads | Posted | | Lost local admin password | October 4, 2005, 8:17 pm |
| Changing machine startup sequence in the registry | June 2, 2005, 1:35 pm |
| Changing Admin PW on a large number of servers | April 8, 2006, 3:57 pm |
| Changing the error message given on the "change password" action | March 15, 2006, 10:31 am |
| Changing local file rights | July 27, 2005, 11:00 am |
| Maximum machine account password age | March 14, 2006, 6:24 am |
| machine password expiration in the 2003 domain environment | April 14, 2008, 10:57 am |
| Successful Logon to DC local machine | September 11, 2006, 12:31 pm |
| Problems with authentication and using alias to the local machine | April 27, 2006, 10:22 am |
| Admin Password | March 9, 2006, 6:15 pm |
|
XML Sitemap