Link to home
Create AccountLog in
Avatar of checkonetwo
checkonetwo

asked on

Change local admin password on multiple Windows 2008 servers and Win 7 Desktops

We has a system admin recently leave and i'd like to update all local admin passwords on our Windows 2008 R2 servers and Win 7 desktops.  What is the easiet way to update 300 workstations and 45 servers with my new local admin password.
I want to keep the same account, just change the passowrd.
ASKER CERTIFIED SOLUTION
Avatar of mpbeavjr
mpbeavjr
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Avatar of Rob Williams
Rob Williams
Flag of Canada image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Hi.

Using mpbeavjr's method, the account "administrator" gets a new password. Fine. But what about the domain admins' passwords? And what about admin accounts the leaving admin has created locally on the servers or workstations that don't read "administrator"? What about spying software that sits on your pc and records the new passwords you're  about to use and sends them home to the leaving admin?

If the "leaving admin" has already left, why even care? Is he, although he does not work for you, anymore, still in the position to somehow use these passwords via remotely accessible computers  (accessible via internet, not via LAN!) ? Or is he maybe having a contact person inside your company that he could tell these passwords who would assist him in doing something evil?

If no: don't do anything. What for?
If yes: do a lot more than just changing the local admin passwords. First of all think about blocking remote access.
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
This question is answered as far as the asker cooperated. Also many insight has been given on what else needs to be considered. So I recommend a split or even better, to return to your question, checkonetwo.
If splitting, maybe RobWill should think about whether his method changes any passwords, not as far as I know. RobWill?
>>"maybe RobWill should think about whether his method changes any passwords, not as far as I know. RobWill? "

McKnife is quite right.  My suggestion will not change any passwords.  When I said; "Restricted Groups is designed specifically for this" I guess based on the question I did imply that.  My point was Restricted Groups is designed for managing the local administrative accounts on PC's and/or servers in a specific OU by removing all existing local accounts, and replacing them with the accounts specified in the Group Policy.  It is a common way of managing local admin accounts protecting them from user changes or retired admins.

I have absolutely no problem if the author, moderator, or other participants wish to reallocate points.