Resetting local admin on hosts via AD

How do I do this? I haven't actually done this, and I need to reset the local admin account password on all domain member workstation.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dynamik

You can use restricted groups to manage the local admins through AD/GPOs, but if you want to do them all individually, just go to the local accounts under computer management.

royal

There are a ton of utilities out there for bulk changing local admin passwords. I searched Google and found like 5 in a matter of 30 seconds.

http://change-local-admin-password.qarchive.org/

jbaello

dynamik wrote:

You can use restricted groups to manage the local admins through AD/GPOs, but if you want to do them all individually, just go to the local accounts under computer management.

http://windows.stanford.edu/Public/Infrastructure/localgroup.html

This is a pretty good resource of the restricted groups, procedure.

Thanks guys

sprkymrk

jbaello wrote:

dynamik wrote:

You can use restricted groups to manage the local admins through AD/GPOs, but if you want to do them all individually, just go to the local accounts under computer management.

http://windows.stanford.edu/Public/Infrastructure/localgroup.html

This is a pretty good resource of the restricted groups, procedure.

Thanks guys

However, you can't actually set the password using this method, which is what I thought you wanted to do.

royal

Ya, this is sort of like:

What's a good donut shop?

Home Depot

Excellent, Home Depot looks like what I was looking for, thanks!

*scratches head*

nel

im pretty sure i used one of these two in a vb script:

On Error Resume Next 
Set file_object = CreateObject("Scripting.FileSystemObject") 
Set list = file_object.CreateTextFile("./Rezult.log") 
domain = "My_domain" '******** 
Set container_comp = GetObject("WinNT://" &amp; domain) 
container_comp.Filter = Array("Computer") 
For Each comp In container_comp 
comp_in_domain = comp.Name 
Set container_user = GetObject("WinNT://" &amp; my_domain &amp; "\" &amp; comp_in_domain) 
container_user.Filter = Array("User") ' Good 
For Each user In container_user 
If user.Name="Administrator" Then 
list.Write comp_in_domain &amp; " ---"&amp; user.Name &amp; vbCrLf 
user.SetPassword = "PASSWORD" 
End If 
Next 
Set container_user = Nothing 
Next 
list.Close 
WScript.Quit(0) ' Exit

Change the domain name and password to whatever you need. I got this off the msdn forums somewhere and im sure this is the one i used (it was a few year back now and i cant find the link anymore).

Or:

Set WshNetwork = WScript.CreateObject("WScript.Network")
strComputer = "."
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
objUser.SetPassword "NEW.PASSWORD" ' Enter new password between brackets
objUser.SetInfo

For the last script above there was a script encrypter from MS if your worried about it being in clear text.

If your going to give it a shot do it in a test environment first.

sprkymrk

royal wrote:

Ya, this is sort of like:

What's a good donut shop?

Home Depot

Excellent, Home Depot looks like what I was looking for, thanks!

*scratches head*

Lowes has better coffee though. :P

We actually use Hyena when we need to change the local admin p/w. Hyena does a LOT more than that, it's like ADUC on steroids with built in reporting and scripting. Also has add-in for Exchange. Very reasonably priced as well.

www.systemtools.com/hyena