Change the local administrator password on LOTS of domain machines. ~ Ask The Admin

Friday, April 11, 2008

Change the local administrator password on LOTS of domain machines.

Due to a changing of the guard (firing of a junior admin) I am now required to change the local administrator account password on almost 400 XP Pro SP2 Machines today. Oh joy!

Normally I would just open my MMC console connect to each machine and change it... But not on 400 machines that's just crazy!

Crazy and a good reason for our scripting lesson today. You do not have to know anything about scripting to get this done. I know a lot of you are sighing with relief. The task is pretty simple if you have the right tools and knowledge. Because knowledge is half the battle (thanks G.I. Joe!)

I snagged a Visual Basic Script file which allowed me to complete the task in under a half hour. I just had to create a text file with the netbois computer names of each machine I wanted to change the password on, then run one command.

So while I am looking busy today my work is already done and I am off to get my Snood beta on! This little script is going to come in handy!

I ran into a few issues. As usual! Obviously if one of the computers is not up on the network or even powered off this little script will stop.

To have the script run successfully on 400 computers I watched the script halt about 25 times. At that point I would delete the completed computers and the unavailable machines names from the text file and start it again.

Still saved me a ton of time though. Of course you have to run this as a domain user which has administrative rights on domain computers.


cscript local_admin_chpw.vbs password input.txt
' VBScript Source File -- Created with SAPIEN Technologies PrimalScript 3.1
' NAME: Local Admin Change Password
' AUTHOR: Kirrilian
' Date : 2/22/2005

' usage: cscript local_admin_chpw.vbs password input.txt
' the input file should be a list of machines you want to change the
' password on. One hostname per line.

Dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
Set objArgs = WScript.Arguments.Unnamed

'InputFile = "C:\input.txt"

MyDate = Replace(Date, "/", "-")
OutputFile = "C:\output-" & mydate & ".txt"

If Not objArgs.Count = 2 Then
password = WScript.Arguments.Item(0)
InputFile = WScript.Arguments.Item(1)
If fso.FileExists(InputFile) Then
Set txtStreamIn = fso.OpenTextFile(InputFile)
Set txtStreamOut = fso.OpenTextFile(OutputFile, 2, True)
Do While Not (txtStreamIn.AtEndOfStream)
strComputer = txtStreamIn.ReadLine
chpw strComputer, password
WScript.Echo "Input file doesnt exist."

End if
End If

Sub usage()
WScript.Echo "Usage: cscript local_admin_chpw.vbs password input.txt"
WScript.Echo "Passwords with special characters need quotes"
End Sub 'usage

Sub printOut (data)
WScript.Echo data
txtStreamOut.writeline data
End Sub 'printOut

Sub chpw (computer,password)

Set objUser = GetObject("WinNT://" & computer & "/Administrator, user")
printOut "changing the password on " & computer & " to " & password
objUser.SetPassword """ & password & """
End Sub 'chpw

Just copy that script to a text file and name it Rename.vbs and name your text
file input.txt and get to changing! I find it very important to keep those local
Admin passwords synced up and constanly changed for obvious reasons! How do you
manage local admin passwords?