We help IT Professionals succeed at work.

Enable local admin account

We have about 300 Windows servers. The local administrator account is disabled. I would like to enable the to rest the password.
Is there any ps script which you can share with me to enable the administrator account?
Comment
Watch Question

Hello ThereSystem Administrator
BRONZE EXPERT
Distinguished Expert 2018

Commented:
You should be able to use GPO for this.
http://tompopov.blogspot.com/2011/03/enable-windows-7-administrator-account.html

Or you can try Local Administrator Password Solution (LAPS) by Microsoft:
https://www.microsoft.com/en-us/download/details.aspx?id=46899

Alternative 3rd party solution:
Netwrix Bulk Password Reset
https://www.netwrix.com/local_admin_bulk_password_reset_freeware.html

https://community.spiceworks.com/topic/530062-changing-the-local-admin-passwords-across-the-network

I like the last one. It seems to be really simple to use.

Author

Commented:
I just want to enable the local admin , I have a third party solution to reset the password, unfortunately it will not enable the disabled account.
Hello ThereSystem Administrator
BRONZE EXPERT
Distinguished Expert 2018

Commented:
Then use GPO for this.

If you prefer enable local admin account with a command line, there is an option:
net user administrator /active:yes

Open in new window

SILVER EXPERT
Distinguished Expert 2019

Commented:
what is the nature of the disabled account? why not create/add a new one and manage it.
https://www.experts-exchange.com/articles/31583/Active-Directory-Securely-Set-Local-Account-Passwords.html

Author

Commented:
Thank you all, my question is how to enable a local account using PS script for a few computers?
Something like
Get-ADComputer -Filter { (ObjectClass -eq "Computer")
then output the result in a txt file and enable the admin account one at a time.
SILVER EXPERT
Distinguished Expert 2019

Commented:
Hello ThereSystem Administrator
BRONZE EXPERT
Distinguished Expert 2018

Commented:
GPO will do the job.

Create a new GPO and go to: Computer configuration -> Policies -> Windows Settings -> Security Settings -> Security Options. On Right Pane click on Accounts: Administrator account status and change the settings to Enabled. Apply the policy to all desired computers.

If you want a script, deploy the startup script with GPO that contains:
net user administrator /active:yes

Open in new window

BRONZE EXPERT
Commented:

For a script to enable local users on remote computers check: https://gallery.technet.microsoft.com/scriptcenter/EnableDisableUser-73bccd4e

The script can be used to enable a local user and change the password. Also it can run against multiple machines by using a input file. Read the document for all instructions.