?
Solved

Script to set local administrator password on all XP workstations in domain

Posted on 2010-11-29
13
Medium Priority
?
812 Views
Last Modified: 2012-05-10
I am the network administrator for a Windows 03 domain running mainly XP and a few Win 7 workstations.  I am looking for a script that would automate setting the local administrator password domainwide.  I have checked a few sites with a few scripts (VB) but none have worked so far.  
0
Comment
Question by:cjameson74
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
  • +1
13 Comments
 
LVL 7

Expert Comment

by:Rommel Sultan
ID: 34231327
0
 
LVL 3

Expert Comment

by:noelmul
ID: 34231362
You could do this with Group Policy Preferences without having to script it.

See here:
http://technet.microsoft.com/en-us/library/cc731892%28WS.10%29.aspx

When group policy preferences is setup you can use this to set the local admin password following these steps:
Start the Group Policy snap-in, expand Computer Configuration, expand Preferences, click Control Panel, and then right-click Local Users and Groups. From the menu select New - Local User.  Select Update as the action, type Administrator into the User name text box, then type the new password into the Password text box, confirming the password in Confirm Password text box. Press OK.
0
 
LVL 1

Author Comment

by:cjameson74
ID: 34231907
Anyone else have any other suggestions?  I tried the first link you sent rs but the link is not working inside that article.  and noelmul I need to install the client side ext on everyclient first?  Is there any easier way ?
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 
LVL 6

Expert Comment

by:ipajones
ID: 34232200
You could put the following command in a login script:

net user administrator whateverpassword >nul 2>&1

Open in new window

but...  the only problem with this is that the user logging into the machine will need local admin rights in order to be be able to execute the net user command.

Alternatively you could use something like PsExec

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

With PsExec you could put the above command in a batch file and execute the command remotely on all your client machines.  For example in your batch fike you would a have a line like the following for each client machine:

psexec \\computername net user administrator whateverpassword >nul 2>&1

Open in new window

You can get more help on syntax and download PsExex using the above link.

Hope this helps.
--IJ
0
 
LVL 7

Expert Comment

by:Rommel Sultan
ID: 34232228
What if you create a batch file.
reset.bat
Net User administrator newpassword

Convert it to reset.exe using bat to exe converter

then add it to login script

@\\servername\sys\public\reset.exe
or
#\\servername\sys\public\reset.exe


0
 
LVL 6

Expert Comment

by:ipajones
ID: 34232282
rsultan:  Just curious - what is the benefit of converting my suggested "net user " command into a executable file ?
0
 
LVL 7

Expert Comment

by:Rommel Sultan
ID: 34232329
Security purposes

running a batch script on startup is not secured.
It will show your new password.
and if  a user access \\servername\sys\public\reset.bat
then wala he got your new password.
0
 
LVL 1

Author Comment

by:cjameson74
ID: 34232736
These are all great examples, but I really need something that can populate forestwide without being logged into the machine as local admin?  There are approxamately 200 workstations and I really dont want to do this 1 by 1
0
 
LVL 6

Expert Comment

by:ipajones
ID: 34232868

Why not create a batch job then as per my previous post using PsExec ?

psexec \\computername net user administrator whateverpassword >nul 2>&1

Open in new window

I don't think you'll find any easier way of doing this.  What are you hoping for ?

--IJ
0
 
LVL 1

Author Comment

by:cjameson74
ID: 34232877
If I do it that way must a create a line for each workstation?
0
 
LVL 6

Expert Comment

by:ipajones
ID: 34233037
You've got a couple of options:

Either create a list of workstations from AD and then save it to a file - then read each line from the file (i.e. computername) and parse this to the psexec command

OR

Take the output from a dsquery command or similar AD command to list the workstations and pipe this directly into the psexec command.

Suggest you test the psexec command first and once proved works ok you can look at either of the above as options.

--IJ
0
 
LVL 3

Expert Comment

by:noelmul
ID: 34233125
How about something like this that pulls the list of computers from Active Directory and then changes the password on each.
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name From 'LDAP://DC=fabrikam,DC=com' Where objectClass='computer'"  
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF
    strComputer = objRecordSet.Fields("Name").Value

    Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
    objUser.SetPassword "x%tY7iu8%4f"

    objRecordSet.MoveNext
Loop

Open in new window

0
 
LVL 6

Accepted Solution

by:
ipajones earned 2000 total points
ID: 34261561
Having looked more into this, you can use the pspasswd.exe utility included with PSTools. This is the same set of tools that psexec.exe comes from - mentioned in my earlier post.  I'll post the link for downloading PSTools again:

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

The small script below pipes the output from the dsquery command and uses pspasswd.exe to make the password change to each computer name returned from the dsquery output.

@echo off
setlocal EnableDelayedExpansion
for /f "skip=1 tokens=1 delims= " %%A in ('dsquery * -Filter"^(^&^(objectCategory^=computer^)^(^!operatingSystem^=*server*^)^(operatingSystemVersion^=5*^)^)" -limit 0 -attr name') do (
	ECHO pspasswd \\%%A administrator whatever_password
)

Open in new window


Notes
In my dsquery I'm only selecting workstations with OS version 5 (WinXP), you can modify the query to suit your own requirements, but I assumed you wouldn't want to include servers.

Also to run the script live you need to remove the "ECHO" command - it's just echoing the command that would be run for each workstation for testing purposes.

Make sure you include the path to where ever you save pspasswd.exe to.

Hope this helps
--IJ
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question