Changing the local administrator password for all computers in a 2012 R2 domain.

    Question

  • Hi there!

    Our network uses Windows 2012 R2 Domain controllers and we need to change the password for the local administrator for all computers on the network.


    Before we used a GPO to reset it when needed, but now I see the option was patched.

    What would be the best way to do this on a Windows 2012 R2 domain?


    Rodrigo Rocha


    • Edited by Rocharox Friday, June 17, 2016 11:33 AM
    Friday, June 17, 2016 11:33 AM

All replies

  • Hi,
     
    On 17.06.2016 at 13:33, Rocharox wrote:
    > [...] we need to change the password for the local administrator for
    > all computers on the network.[...] What would be the best way to do
    > this on a Windows 2012 R2 domain?
     
    Personal Favorite: LAPS
     
    or simply script it. Computer startup script
    -> net user Administrator "mynewpassword"
     
    or deploy this line via psexec, so it does not run at every boot-up.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - German
     
    Friday, June 17, 2016 11:44 AM
  • > or simply script it. Computer startup script
    > -> net user Administrator "mynewpassword"
     
    Funny idea - plain text passwords in scripts :-) :-)
     
    Friday, June 17, 2016 12:00 PM
  • On 17.06.2016 at 14:00, Martin Binder [MVP] wrote:
    > Funny idea - plain text passwords in scripts :-) :-)
     
    As long as the GPO has a security filter for DomainComputers (which it has
    since yesterday ;-), I can deal with it.
     
    Ok, use Autoit2exe.exe :-D
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - German
     
    Friday, June 17, 2016 12:07 PM
  • Thanks for the reply.

    LAPS is 1 machine at a time, right? I was thinking about changing all of 'em at the same time.


    Rodrigo Rocha

    Friday, June 17, 2016 12:07 PM
  • On 17.06.2016, Rocharox wrote:
    Hi,

    > LAPS is 1 machine at a time, right? I was thinking about changing all of 'em at the same time.

    No, each computer is changing its own local administrator account for itself. But you can trigger it for all your domain computers to happen as soon as they receive the new timestamp.

    HTH
    Norbert


    Dilbert's words of wisdom #10:
    I don't have an attitude problem. You have a perception problem.
    nntp-bridge access to the MS forums is possible again: https://communitybridge.codeplex.com/

    Friday, June 17, 2016 12:20 PM
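
The trigger described in the reply above, as an added example that is not part of the original thread: it expires the LAPS password on every computer object in one OU so each client rotates at its next Group Policy refresh, then lists the machines that have not rotated yet. It assumes LAPS is already deployed and the ActiveDirectory and AdmPwd.PS modules are installed; the OU path and the function names are placeholders chosen for this example.

```powershell
# Added example; requires the ActiveDirectory (RSAT) and AdmPwd.PS (LAPS) modules.
Import-Module ActiveDirectory, AdmPwd.PS

# Placeholder OU: replace with the OU that holds the LAPS-managed computers.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

function Get-LapsComputer {
    # Computer objects in the OU together with the LAPS expiration attribute.
    param([Parameter(Mandatory)][string]$SearchBase)
    Get-ADComputer -SearchBase $SearchBase -Filter * `
        -Properties 'ms-Mcs-AdmPwdExpirationTime'
}

function Invoke-LapsExpireAll {
    # Sets the expiration timestamp to "now" on every computer object in the OU.
    # Nothing is pushed to the clients: each one changes its own password
    # the next time it processes Group Policy and sees the expired timestamp.
    param([Parameter(Mandatory)][string]$SearchBase)
    foreach ($c in Get-LapsComputer -SearchBase $SearchBase) {
        Reset-AdmPwdPassword -ComputerName $c.Name -WhenEffective (Get-Date)
    }
}

function Get-LapsPendingRotation {
    # Computers whose expiration is missing or not in the future, meaning the
    # client has not yet set a new password and written a new timestamp.
    param([Parameter(Mandatory)][string]$SearchBase)
    $now = (Get-Date).ToFileTimeUtc()
    Get-LapsComputer -SearchBase $SearchBase |
        Where-Object {
            -not $_.'ms-Mcs-AdmPwdExpirationTime' -or
            $_.'ms-Mcs-AdmPwdExpirationTime' -le $now
        } |
        Select-Object Name, @{ n = 'ExpiresUtc'; e = {
            $t = $_.'ms-Mcs-AdmPwdExpirationTime'
            if ($t) { [DateTime]::FromFileTimeUtc($t) }
        } }
}

Invoke-LapsExpireAll -SearchBase $SearchBase
# Run this again later, once the clients have refreshed Group Policy.
Get-LapsPendingRotation -SearchBase $SearchBase
```

Machines that stay on the pending list after a policy refresh are typically offline or missing the LAPS client-side extension.
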
  • OK, it does make more sense now. Thanks for the help. I got a few scenarios now to implement using LAPS.

    Rodrigo Rocha

    Friday, June 17, 2016 12:26 PM
  • Out of curiosity, are there any ways of doing this without having to change the schema?

    Rodrigo Rocha

    Friday, June 17, 2016 12:43 PM
  • How To Automate Changing The Local Administrator Password:
    https://blogs.technet.microsoft.com/askpfeplat/2014/05/18/how-to-automate-changing-the-local-administrator-password/

    Check this earlier thread, which lets you know how to change the local administrator password on all computers running a Windows Server 2012 environment. Here's another thread for the local administrator password on all workstations across a domain. You may also get help from this solution to manage user accounts within any domain, which also enables the administrator to reset local user passwords.

    Hope this helps!


    Friday, June 17, 2016 12:49 PM
  • On 17.06.2016 at 14:43, Rocharox wrote:
    > Out of curiosity, are there any ways of doing this without having to
    > change the schema?
     
    There is a modified LAPS version, that does not change the schema, but
    you can only get this via Microsoft Enterprise Agreement(?), Software
    Assurance(?) Microsoft Enterprise Consulting(?) ...?
     
    It is not free and not available just by paying money.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - German
     
    Friday, June 17, 2016 1:05 PM
  • On 17.06.2016, Rocharox wrote:

    > Out of curiosity, are there any ways of doing this without having to change the schema?

    Yes, with other products, which usually cost more money than LAPS. ;)

    --
    Dilbert's words of wisdom #10:
    I don't have an attitude problem. You have a perception problem.
    nntp-bridge access to the MS forums is possible again: https://communitybridge.codeplex.com/

    Friday, June 17, 2016 1:20 PM
  • Hi Rodrigo,

    Are there any updates?

    If the replies above have resolved your problem, please mark them as answers, as it would be helpful to anyone who encounters a similar problem.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 20, 2016 5:49 AM
    Moderator