Reset passwords of local admin accounts

Question
-
Hi guys
I struggle to find an easy/simple enough script for me to use. Maybe someone can help in here PLEASE?
I have a list of Windows Servers (2003 and 2008/R2) and need to reset the password for the local admin account. The account is the same on all of them. Can this be done with PowerShell?
Thanks in advance for the comments/help....
Friday, July 29, 2011 12:53 PM
All replies
-
Yes, you can do this easily with PowerShell. Below is the sample code which works for a single computer.
# Read the target server names, one per line
$strComputers = Get-Content c:\servers.txt
foreach ($strComputer in $strComputers) {
    # Bind to the account named "administrator" on the target through the WinNT provider
    $admin = [adsi]("WinNT://" + $strComputer + "/administrator, user")
    # Set the new password (hard-coded here as a sample value)
    $admin.psbase.Invoke("SetPassword", "Whatever1")
}
You can find a much more enhanced script at http://myitforum.com/cs2/blogs/yli628/archive/2007/08/23/powershell-script-to-change-administrator-password-on-a-list-of-machines.aspx which allows you to log the output to a CSV file.
Hope this helps.
Thanks, Sitaram Pamarthi
Blog : http://techibee.com
This posting is provided AS IS with no warranties or guarantees, and confers no rights
- Proposed as answer by pamarths Friday, July 29, 2011 6:16 PM
Friday, July 29, 2011 1:11 PM -
Friday, July 29, 2011 1:13 PM
-
Something I put together a while back.
http://gallery.technet.microsoft.com/scriptcenter/66a5b38f-cdf1-4126-aa0c-be65e16dd650
Friday, July 29, 2011 2:05 PM -
You can use a PowerShell or VB script but in my opinion, you can easily achieve this through GPO & batch file. I have described one option in the following blog:
Net User Administrator <your password>
Net Localgroup /Add "Administrators" "Domain Admins"
Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX
Blogs - http://blogs.sivarajan.com/
Articles - http://www.sivarajan.com/publications.html
Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
This posting is provided AS IS with no warranties, and confers no rights.
Friday, July 29, 2011 2:21 PM -
That seems to be a bit of a security risk to me. You never, ever, want to "hard code" a password in a file like that. Especially since if "Authenticated Users" have access to read/apply the GPO, they can read the batch file and get hold of the admin password. Which actually enables not only you, but also other people to get control of your servers. You really need to properly secure the GPO and batch file if using that approach. It might be fine for a one-time operation (like resetting it to something else each service window), but it's a bit too risky for my taste.
Andreas Hultgren
MCTS, MCITP
http://ahultgren.blogspot.com/
Friday, July 29, 2011 5:19 PM -
This is not a "permanent" solution. You can enable this GPO for a week or 2. Then remove the GPO and the file. But agreed that the hard coding of a password in a text file is not a best practice.
Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX
Blogs - http://blogs.sivarajan.com/
Articles - http://www.sivarajan.com/publications.html
Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
This posting is provided AS IS with no warranties, and confers no rights.
Sunday, July 31, 2011 11:23 PM -
Thank you for the help. I have used the short version (the part you manually typed) only to realize after the script ran that now I do not know which servers failed :(
Something that the script did that I didn't expect is that if your local admin account on the servers is called Administrator and you have a domain admin account also with that name, it will set the password for that account also if the account you ran the script with has enough privileges.
I will need to look at the link you provided, as I would need a list of the ones that failed, but thank you for the help and all those who responded.
Monday, August 1, 2011 11:32 AM -
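An added example, not code from any poster in this thread: the same WinNT `SetPassword` loop, but prompting for the password instead of hard-coding it and recording a per-server result so failures are visible. The output path `c:\reset-results.csv` is hypothetical, and the domain-controller check assumes the unexpected domain account change described above came from domain controllers in the list, where the WinNT provider resolves `Administrator` to the domain account.

```powershell
# Added example; input path is the one used in the thread, output path is hypothetical.
$serverList = 'c:\servers.txt'
$resultFile = 'c:\reset-results.csv'

# Prompt for the new password so it is never stored in a script, batch file or GPO.
$secure = Read-Host -Prompt 'New local Administrator password' -AsSecureString
$cred   = New-Object System.Management.Automation.PSCredential('unused', $secure)
$plain  = $cred.GetNetworkCredential().Password

# Ignore blank lines and stray whitespace in the server list.
$servers = Get-Content $serverList | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$results = foreach ($server in $servers) {
    $status = 'Success'
    $detail = ''
    try {
        # DomainRole 4 and 5 mean domain controller. A DC has no local account
        # database, so WinNT://<DC>/Administrator is the DOMAIN Administrator.
        $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $server -ErrorAction Stop
        if ($cs.DomainRole -ge 4) {
            $status = 'Skipped'
            $detail = 'Domain controller: would change the domain Administrator account'
        } else {
            $admin = [adsi]"WinNT://$server/Administrator,user"
            $admin.psbase.Invoke('SetPassword', $plain)
        }
    } catch {
        # Unreachable host, access denied, password policy rejection, and so on.
        $status = 'Failed'
        $detail = $_.Exception.Message
    }
    New-Object PSObject -Property @{
        Server = $server; Status = $status; Detail = $detail; Time = (Get-Date)
    }
}
$plain = $null   # drop the clear-text copy once the loop is done

# Full log to CSV, then show anything that was not a clean success.
$results | Select-Object Server, Status, Detail, Time | Export-Csv $resultFile -NoTypeInformation
$results | Where-Object { $_.Status -ne 'Success' } | Select-Object Server, Status, Detail
```

The CSV contains server names and error text only, never the password.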
Site Deleted !
Wednesday, January 7, 2015 12:06 PM