Solved

Roll out a Local Admin password change over a 2000 domain with Windows XP clients.

Posted on 2006-06-11
Last Modified: 2013-12-23
I have a domain controller (b1) and Windows XP clients.
The clients can have one of two local admin passwords, however I would like to change that to just one.
Is there any way I can roll out a change? (I can remotely shut down a workstation.)
Question by:mnb93

Expert Comment

by:Chris Dent

Yep there's a way...

But how do you want to do it? Work from a list of PCs? Work for every PC in AD (except DCs)? Work for every PC in a specific OU (or group of OUs)?

Otherwise all you really have to do is this for each of them:

Set objUser = GetObject("WinNT://<ComputerName>/Administrator, user")
objUser.SetPassword("<NewPassword>")

Chris

Expert Comment

by:Chris Dent

Should have noted: the two lines above are VBScript and would need saving to a .vbs file if you want to test it on a specific PC.

Chris

Accepted Solution

by:
rsivanandan earned 300 total points
Another way:

Go to http://www.sysinternals.com/Utilities/PsPasswd.html and get the pspasswd utility.

Then just run it this way:

Make a text file, let's call it 'file', and put your machine names into it one by one. You can easily do it by exporting an AD query to a text file.

pspasswd @file Administrator <newpassword>

Run it with domain administrator privilege and you are done. Just create a batch file and keep it for future.

Batch File:

pspasswd @file Administrator %1

Save the above into 'change.bat' and invoke it as 'change.bat <newpassword>'

Cheers,
Rajesh


Author Comment

by:mnb93
"Work for every PC in AD" yes.

And where do I run your code?

Author Comment

by:mnb93
pspasswd @file Administrator <newpassword>

Will that change it for every computer on the domain?

Expert Comment

by:rsivanandan
For all the computers you have listed in the 'file'.

You can extract all the computer names from the AD itself by using the query.

Cheers,
Rajesh

Author Comment

by:mnb93
What query?

Expert Comment

by:rsivanandan
When you open Active Directory Users and Groups MMC snap-in, you can see 'Saved Queries'. Go in there and create a query to list all the computers that are registered to Active Directory and save it to a file.

Cheers,
Rajesh

Assisted Solution

by:Chris Dent
Chris Dent earned 200 total points

Here's a script that'll do it. It's best run from the command line because of how it dumps out error messages. To do that you'd have to open a command prompt, go to wherever the script is and run it with "cscript <scriptname.vbs>" (cscript is the command line processor for VBS). All the error handling can be changed if you want.

Right now it only skips computers in the Domain Controllers OU, if you want to skip more than that then just say what and we can figure out how.

The only bit you need to change is this line:

objUser.SetPassword "NewPassword"

Where it needs the password you want to set.

The script should run from anywhere, you'll obviously need to run it with an account that has permission to change the passwords.

Finally, it takes quite a while to run if you have a lot of dead computer accounts in your domain.


Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRecordSet, objRootDSE
Dim strPath, strName

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
objCommand.CommandText = "SELECT aDSPath, name FROM 'LDAP://" &_
      objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='computer'"
Set objRootDSE = Nothing

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
      strPath = objRecordSet.Fields("aDSPath")
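      ' InStr returns a position (0 = not found). "Not InStr(...)" is a bitwise Not
      ' and never evaluates to False, so compare against 0 to really skip the DCs.
      If InStr(1, strPath, "Domain Controllers", vbTextCompare) = 0 Then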
            strName = objRecordSet.Fields("name")
            On Error Resume Next
            Err.Clear
            Set objUser = GetObject("WinNT://" & strName & "/Administrator, user")
            If Err.Number <> 0 Then
                  WScript.Echo "Failed to Connect to Computer: " & strName
            Else
                  Err.Clear
                  objUser.SetPassword "NewPassword"
                  If Err.Number <> 0 Then
                        WScript.Echo "Failed to Change Password: " & strName
                  Else
                        WScript.Echo "Password Changed: " & strName
                  End If
            End If
            On Error Goto 0
      End If
      objRecordSet.MoveNext
Wend

objConnection.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
0
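
The "AD query" mentioned in the answers above and the domain-controller skip in the script above, as an added example that is not part of the original thread: it writes every computer account that is not a domain controller to a list usable with "pspasswd @file". It selects on the SERVER_TRUST_ACCOUNT bit (8192) of userAccountControl rather than on the OU name, so a DC that has been moved out of the Domain Controllers OU is still excluded; on a DC the WinNT "Administrator" user is the domain Administrator account. The output name "file" is an assumption taken from the accepted answer.

```vbscript
' Added example, not from the thread: build the target list for
' "pspasswd @file", excluding domain controllers by account type
' instead of by OU name. Run with: cscript <scriptname.vbs>
Option Explicit

Const OUTPUT_FILE = "file"   ' assumed name, matches "@file" in the accepted answer
' 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule;
' 8192 (0x2000) is SERVER_TRUST_ACCOUNT, set on domain controller accounts.
Const NOT_A_DC = "(!(userAccountControl:1.2.840.113556.1.4.803:=8192))"

Dim objConnection, objCommand, objRecordSet, objRootDSE
Dim objFSO, objFile, strBase, lngCount

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
Set objRootDSE = Nothing

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
' LDAP-dialect query text: base;filter;attributes;scope
objCommand.CommandText = strBase & ";(&(objectCategory=computer)" & _
    NOT_A_DC & ");name;subtree"
objCommand.Properties("Page Size") = 1000      ' page past the 1000-row limit
objCommand.Properties("Timeout") = 600
objCommand.Properties("Cache Results") = False

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(OUTPUT_FILE, True)   ' True = overwrite

lngCount = 0
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
    ' One computer name per line, the format "@file" expects
    objFile.WriteLine objRecordSet.Fields("name").Value
    lngCount = lngCount + 1
    objRecordSet.MoveNext
Loop

objFile.Close
objRecordSet.Close
objConnection.Close
WScript.Echo lngCount & " non-DC computer accounts written to " & OUTPUT_FILE
```

Review the generated list before passing it to pspasswd; stale computer accounts are still included and will only time out.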
 

Author Comment

by:mnb93
What I ended up doing:
pspasswd \\* Administrator newpassword

(But you both get points.)