Changing local Admin password

Our network admin just left and we changed the network password afterwards. We just found out that on users' PCs we can still log in with the old network password, at least to get into the PC, but it won't give access to any network folder. Is there a way to prevent any user from logging in with the old Admin password locally?
coronoahcoro Asked:
Vinchenzo-the-Second Commented:
Need more info. What do you mean by network password? Are users' accounts in a Domain?
0
rlandquist Commented:
You can run a startup script from a Group Policy to change the local administrator password on all computers.

If this is what you want to do, I can provide a script.
0
coronoahcoro Author Commented:
@Vinchenzo: The administrator network password

@rlandquist: That will be great. I assume I can test it by running it on a few computers first?
0
rlandquist Commented:
Here is the script I use. It searches for the local administrator account by its SID, and renames it to Administrator. (This deals with computers that have had the account renamed.)
Then it changes the password to the one you supply.

Create a GPO for the OU the computers are in, and add this script to the Computer Startup script section.
' ==============================================================================
'  Title: Change Local Administrator Password and Username - Search by SID
'  Author: Rob Landquist
'
'  Created: July 23, 2009
'  Modified: October 21, 2010
'
'  Description: Searches the local user accounts for the Administrator account
'    using the SID identifiers.  Sets the password to the specified one and 
'    changes the username if it does not match the specified one.
' ==============================================================================
Option Explicit

'Define Constants


'Declare Variables
Dim strComputer
Dim strPassword
Dim objWMIService
Dim colUserAccounts
Dim objUserAccount
Dim strAdminName
Dim objAdminAccount
Dim objNetwork
Dim strNewAdminName
Dim objComputer

'Set Variables
strNewAdminName = "Administrator"
strPassword = "Password123" 'New password, be aware of the password policy (length, etc)

'Create Objects
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

'Bind to the computer
Set objComputer = GetObject("WinNT://" & strComputer)

'Get list of all local user accounts
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colUserAccounts = _
objWMIService.ExecQuery("Select * from Win32_UserAccount WHERE LocalAccount = True")

'Searches local user accounts for the local administrator SID
For Each objUserAccount In colUserAccounts
	If Left(objUserAccount.SID, 6) = "S-1-5-" And Right(objUserAccount.SID, 4) = "-500" Then
		strAdminName = objUserAccount.Name
		Exit For
	End If
Next

'Bind to the local administrator user account
Set objAdminAccount = GetObject("WinNT://" & strComputer & "/" & strAdminName & ",user")

'Set new password
On Error Resume Next
objAdminAccount.SetPassword(strPassword)

'Rename Administrator account
If strAdminName <> strNewAdminName Then
	objComputer.MoveHere objAdminAccount.ADsPath, strNewAdminName
End If
On Error Goto 0


0
rlandquist Commented:
Yes, to test it, apply it to a test OU and only put the computers you want to test in that OU.
0
Joseph Daly Commented:
You can do this with a startup script; however, bear in mind that a startup script will store the password in plain text. Any user with the brains to find the script location can get the admin password.

For most users this won't be an issue, but I just figured I would give you the cautionary statement.

Another and possibly better way I would recommend doing this would be to use Group Policy Preferences.
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-set-change-passwords/

This way the password is not stored anywhere in plain text. With this Group Policy Preference you could also have the option of renaming the local admin account. We do this on all of our machines for added security.
0
rlandquist Commented:
When you embed the script in the GPO, it is much harder for anyone to get access to the script (As opposed to a user logon script in the netlogon share).  Also, it is a computer startup script, so user accounts don't need permissions.

When I create the GPO, I click on Show Files and then right click to create new text file.  I rename the file and paste the script inside.
0
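
An audit check for the concern raised in the last two comments, as an added example that is not part of the original thread: it walks a policy folder and reports where a startup script assigns a password literal or calls SetPassword, and where a Group Policy Preferences XML file carries a `cpassword` attribute (the field that feature uses for a stored password, which Microsoft has since advised removing). The function name, the rule set and the sample files are assumptions constructed for illustration.

```powershell
# Added example (not from the thread): report credentials left in policy files.
# Function name, rules and sample files are hypothetical and constructed here.
function Find-PolicyCredential {
    param([Parameter(Mandatory)][string]$Path)

    # Rule name -> pattern; first match per line wins, so cpassword goes first.
    $rules = [ordered]@{
        'GPP cpassword attribute'   = '(?i)\bcpassword\s*=\s*"[^"]+"'
        'password literal assigned' = '(?i)\b\w*passw(or)?d\w*\s*=\s*"[^"]+"'
        'SetPassword call'          = '(?i)\.SetPassword\b'
        'net user with password'    = '(?i)\bnet\s+user\s+\S+\s+[^/\s]\S*'
    }
    $extensions = '.vbs', '.bat', '.cmd', '.ps1', '.xml'

    Get-ChildItem -Path $Path -Recurse -File |
        Where-Object { $extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $file = $_.FullName
            $lineNo = 0
            foreach ($line in Get-Content -LiteralPath $file) {
                $lineNo++
                # Skip VBScript comment lines so header text does not match
                if ($line.TrimStart().StartsWith("'")) { continue }
                foreach ($name in $rules.Keys) {
                    if ($line -match $rules[$name]) {
                        # Report the location only; never echo the secret itself
                        [pscustomobject]@{ File = $file; Line = $lineNo; Rule = $name }
                        break
                    }
                }
            }
        }
}

# Constructed sample: one startup script and one preferences file.
$root = Join-Path ([IO.Path]::GetTempPath()) 'gpo-audit-sample'
New-Item -ItemType Directory -Path $root -Force | Out-Null
Set-Content (Join-Path $root 'SetAdminPw.vbs') @(
    "' Change Local Administrator Password",
    'strPassword = "Password123"',
    'objAdminAccount.SetPassword(strPassword)')
Set-Content (Join-Path $root 'Groups.xml') `
    '<Properties userName="Administrator" cpassword="CONSTRUCTED-PLACEHOLDER"/>'

Find-PolicyCredential -Path $root | Format-Table -AutoSize
```

Point `-Path` at the folder where the GPO's files live to run it against real policies; any hit means the password in that file should be treated as exposed and rotated.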
Windows Server 2003

Question has a verified solution.