cjameson74
asked on
Script to set local administrator password on all XP workstations in domain
I am the network administrator for a Windows 03 domain running mainly XP and a few Win 7 workstations. I am looking for a script that would automate setting the local administrator password domainwide. I have checked a few sites with a few scripts (VB) but none have worked so far.
You could do this with Group Policy Preferences without having to script it.
See here:
http://technet.microsoft.com/en-us/library/cc731892%28WS.10%29.aspx
When group policy preferences is setup you can use this to set the local admin password following these steps:
Start the Group Policy snap-in, expand Computer Configuration, expand Preferences, click Control Panel, and then right-click Local Users and Groups. From the menu select New - Local User. Select Update as the action, type Administrator into the User name text box, then type the new password into the Password text box, confirming the password in Confirm Password text box. Press OK.
See here:
http://technet.microsoft.com/en-us/library/cc731892%28WS.10%29.aspx
When group policy preferences is setup you can use this to set the local admin password following these steps:
Start the Group Policy snap-in, expand Computer Configuration, expand Preferences, click Control Panel, and then right-click Local Users and Groups. From the menu select New - Local User. Select Update as the action, type Administrator into the User name text box, then type the new password into the Password text box, confirming the password in Confirm Password text box. Press OK.
ASKER
Anyone else have any other suggestions? I tried the first link you sent rs but the link is not working inside that article. and noelmul I need to install the client side ext on everyclient first? Is there any easier way ?
You could put the following command in a login script:
Alternatively you could use something like PsExec
http://technet.microsoft.c om/en-us/s ysinternal s/bb897553 .aspx
With PsExec you could put the above command in a batch file and execute the command remotely on all your client machines. For example in your batch fike you would a have a line like the following for each client machine:
Hope this helps.
--IJ
net user administrator whateverpassword >nul 2>&1
but... the only problem with this is that the user logging into the machine will need local admin rights in order to be be able to execute the net user command.Alternatively you could use something like PsExec
http://technet.microsoft.c
With PsExec you could put the above command in a batch file and execute the command remotely on all your client machines. For example in your batch fike you would a have a line like the following for each client machine:
psexec \\computername net user administrator whateverpassword >nul 2>&1
You can get more help on syntax and download PsExex using the above link.Hope this helps.
--IJ
What if you create a batch file.
reset.bat
Net User administrator newpassword
Convert it to reset.exe using bat to exe converter
then add it to login script
@\\servername\sys\public\r eset.exe
or
#\\servername\sys\public\r eset.exe
reset.bat
Net User administrator newpassword
Convert it to reset.exe using bat to exe converter
then add it to login script
@\\servername\sys\public\r
or
#\\servername\sys\public\r
rsultan: Just curious - what is the benefit of converting my suggested "net user " command into a executable file ?
Security purposes
running a batch script on startup is not secured.
It will show your new password.
and if a user access \\servername\sys\public\re set.bat
then wala he got your new password.
running a batch script on startup is not secured.
It will show your new password.
and if a user access \\servername\sys\public\re
then wala he got your new password.
ASKER
These are all great examples, but I really need something that can populate forestwide without being logged into the machine as local admin? There are approxamately 200 workstations and I really dont want to do this 1 by 1
Why not create a batch job then as per my previous post using PsExec ?
psexec \\computername net user administrator whateverpassword >nul 2>&1
I don't think you'll find any easier way of doing this. What are you hoping for ?--IJ
ASKER
If I do it that way must a create a line for each workstation?
You've got a couple of options:
Either create a list of workstations from AD and then save it to a file - then read each line from the file (i.e. computername) and parse this to the psexec command
OR
Take the output from a dsquery command or similar AD command to list the workstations and pipe this directly into the psexec command.
Suggest you test the psexec command first and once proved works ok you can look at either of the above as options.
--IJ
Either create a list of workstations from AD and then save it to a file - then read each line from the file (i.e. computername) and parse this to the psexec command
OR
Take the output from a dsquery command or similar AD command to list the workstations and pipe this directly into the psexec command.
Suggest you test the psexec command first and once proved works ok you can look at either of the above as options.
--IJ
How about something like this that pulls the list of computers from Active Directory and then changes the password on each.
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name From 'LDAP://DC=fabrikam,DC=com' Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
strComputer = objRecordSet.Fields("Name").Value
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
objUser.SetPassword "x%tY7iu8%4f"
objRecordSet.MoveNext
Loop
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=76379&site_id=1#import