Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Re: Windows local Admin Password

18 views

Skip to first unread message

Torgeir Bakken (MVP)

unread,

Dec 10, 2004, 10:33:40 PM12/10/04

James Robertson wrote:

> I am needing to know of the way on how to change the password for the local
> Administrator account on remote 2000 and XP workstations via a script in a
> Domain that will affect them all, instead of visiting each one seperately.
Hi

If this is an Active Directory domain:

You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.

To avoid users being able to read the script where the password is
stored, grant read access only for the AD group "Domain Computers"
to the script file.

As long as the Administrator account name is "Administrator", this
batch file will set the password on the account:

'--------------------8<----------------------
@echo off
net.exe user administrator newpassword
'--------------------8<----------------------

As long as the Administrator account name is "Administrator", this
vbscript will set the password on the account:

'--------------------8<----------------------
sNewPassword = "testpassword"
Set oWshNet = CreateObject("WScript.Network")
sComputer = oWshNet.ComputerName

On Error Resume Next
Set oUser = GetObject("WinNT://" & sComputer & "/Administrator,user")
oUser.SetPassword sNewPassword
oUser.SetInfo
On Error Goto 0
'--------------------8<----------------------

If you want to change the password instead of setting it (but this
means you will need to be sure that you know the old password on
all the computers), use oUser.ChangePassword instead of
oUser.SetPassword, like this:

oUser.ChangePassword "old pwd here", sNewPassword

If there is a chance that the name of the administrator is not
"Administrator" (e.g. the account is renamed, or you have some
non-English OS versions), you could use this version instead:

'--------------------8<----------------------
sNewPassword = "testpassword"
Set oWshNet = CreateObject("WScript.Network")
sComputer = oWshNet.ComputerName
sAdminName = GetAdministratorName

On Error Resume Next
Set oUser = GetObject("WinNT://" & sComputer & "/" & sAdminName & ",user")
oUser.SetPassword sNewPassword
oUser.SetInfo
On Error Goto 0

Function GetAdministratorName()

Dim sUserSID, oWshNetwork, oUserAccount

Set oWshNetwork = CreateObject("WScript.Network")
Set oUserAccounts = GetObject( _
"winmgmts://" & oWshNetwork.ComputerName & "/root/cimv2") _
.ExecQuery("Select Name, SID from Win32_UserAccount" _
& " WHERE Domain = '" & oWshNetwork.ComputerName & "'")

On Error Resume Next
For Each oUserAccount In oUserAccounts
If Left(oUserAccount.SID, 9) = "S-1-5-21-" And _
Right(oUserAccount.SID, 4) = "-500" Then
GetAdministratorName = oUserAccount.Name
Exit For
End if
Next
End Function
'--------------------8<----------------------

--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Francisco Bido

unread,

Apr 4, 2006, 10:29:24 AM4/4/06

This will work on domains and Workgroups?

--
Francisco B2 Colon
C@Tdesign IT

"Torgeir Bakken (MVP)" escribió:

0 new messages