Need script to change Local Admin password on all workstations - Logon Script?

I am looking for a script to push out from my Active Directory to all workstations that will change the Local Administrator password on the machines.  I am in the process of locking down about 300 workstations and need to get this changed ASAP since some users are causing havoc.

Anyone know where I could find a tool that would do the trick?  Possibly something I could push out as a logon script?

Who is Participating?
Pete LongConnect With a Mentor Technical ConsultantCommented:
Change All Local Admin Passwords

Change Local Administrator Password Remotely

Download the utility 'cryptpwd' from :

Now just create a text file containing all your server names
(e.g. serverlist.txt) and then create a batch file with the following line :

FOR /F %%x in (serverlist.txt) do cryptpwd -m \\%%x -P newpassword

(where newpassword is the password you want to set as the
local administrator password on the servers.)

(You obviously need to have admin. rights to the servers in order
to change the password.)

This method changes the password immediately.


For a VB Solution see
Here is some good info on using cusrmgr.exe to accomplish this task
Here's a one-liner batch script you can set as a start-up script in the Machine policy:

net user administrator password

I rename my local administrator accounts as an extra security measure.  Here's another script to use if you want to use another admin account:

net user admin2 password
if %ERRORLEVEL% == 2 goto CREATE
goto end

net user admin2 /add password
net localgroup administrators /add admin2
goto END

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Do you have the W2k Resource Kit (namely local.exe, getsid.exe, and cusrmgr.exe; note that cusrmgr.exe is not part of the free downloadable W2k3 ResKit)? I have a script here that remotely renames on a list machines the built-in account (even if renamed to an unknown name), changes the password, and lists other users with administrative permissions; this requires the tools above, though.
Pete LongTechnical ConsultantCommented:
Another solution is to download the freeware Quest central from, under the AD portion of the mamnagement tools you can select computers and invoke the Change Local Administrator password wizard.
If you want to make it even go to this url:

Download and install HYENA network tools. This is what I use to change hundred of workstations local password in minutes. No scripts just an easy to use GUI. If you like it and need a quick how to I will help you. Good luck
ooops... Sorrry I meant make it easier go to this url... I am an newbie as you can tell.
How would you use to Hyena to change the passwords on muliple workstations?
open up Hyena-->Open up enterprise---> Right click all computers--->Click view all computers--> On the left side select the computer types and choose windows nt and windows 95. On the rights side where is says function  choose workstation and click ok.

Hyena will then enumerate a list of all workstations in your AD/NT domain. Once the list is completed all the computers(workstations) will appear on the right side. Select all computers using CTRL A and then right click on any one of the computers.

Select more functions and choose set account password and choose the password you want. This will change the password for all workstations.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.