local admin passwords

[nevje]

we have a single AD w2k domain with all w2k clients, spread over
multiple sites. the local admin username/password has always been set to
the same username/password for admin purposes on all machines.

is it possible to change this password on all of these machines without
visiting them? via group policy or another method?

 

[Jerold Schulman]

we have a single AD w2k domain with all w2k clients, spread over
multiple sites. the local admin username/password has always been set to
the same username/password for admin purposes on all machines.

is it possible to change this password on all of these machines without
visiting them? via group policy or another method?

See tip 199 in the 'Tips & Tricks' at http://www.jsiinc.com

You can also use tip 4195

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Steven Umbach]

You can create a startup script and implement it via Group Policy using the "net
user username newpassword" command. After you put the script in the startup
folder or folders be sure to remove permissions on for users/everyone and add
the domain computers group permissions for read.execute. That keeps users from
navigating to the sysvol share to read the password in the script. Computers
will receive the new password at the next startup.

http://support.microsoft.com/default.aspx?scid=kb;en-us;322241

Otherwise look into using pspasswd from SysInternals that can remotely change
passwords on computers. You can also use it with the @filename.txt to read from
a list of computers but the computers in the list need to include the domain
name in my testing as in server2.mydomain.com. You can also use the \\* and it
will change password on every active computer in the domain. --- Steve

http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml

 

[nevje]

You can create a startup script and implement it via Group Policy using the "net
user username newpassword" command. After you put the script in the startup
folder or folders be sure to remove permissions on for users/everyone and add
the domain computers group permissions for read.execute. That keeps users from
navigating to the sysvol share to read the password in the script. Computers
will receive the new password at the next startup.

http://support.microsoft.com/default.aspx?scid=kb;en-us;322241

Otherwise look into using pspasswd from SysInternals that can remotely change
passwords on computers. You can also use it with the @filename.txt to read from
a list of computers but the computers in the list need to include the domain
name in my testing as in server2.mydomain.com. You can also use the \\* and it
will change password on every active computer in the domain. --- Steve

http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml

thanks for that .... im having a problem with the syntax when trying
pspasswd - its says the syntax is as follows:-

Usage: pspasswd [\\[computer[,computer,[,...]|Domain]|@file] [-u
Username [-p Password]]] Username [NewPassword]

however, i cant seem to get it quite right, having a rather dense day!
if we take:-

'domain.local' as the domain
'administrator' as the admin username
'computer1' as the system i want to change the admin password on

what would the command line be for it to work?

 

[Steven L Umbach]

If you have only one domain and are logged on as a domain admin for that
domain try " pspasswd \\computer1 administrator newpassword " that works for
me. You can also use " pspasswd \\computer1.domain.local administrator
newpassword ". If you are not logged onto a computer with an account that
has local administrator rights on the target computer but know the
credentials for an administrator account on the target computer try "
pspasswd \\computer1 -u administrator -p xxxx administrator newpassword
.. --- Steve

You can create a startup script and implement it via Group Policy using the "net
user username newpassword" command. After you put the script in the startup
folder or folders be sure to remove permissions on for users/everyone and add
the domain computers group permissions for read.execute. That keeps users from
navigating to the sysvol share to read the password in the script. Computers
will receive the new password at the next startup.

http://support.microsoft.com/default.aspx?scid=kb;en-us;322241

Otherwise look into using pspasswd from SysInternals that can remotely change
passwords on computers. You can also use it with the @filename.txt to read from
a list of computers but the computers in the list need to include the domain
name in my testing as in server2.mydomain.com. You can also use the \\* and it
will change password on every active computer in the domain. --- Steve

http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml

thanks for that .... im having a problem with the syntax when trying
pspasswd - its says the syntax is as follows:-

Usage: pspasswd [\\[computer[,computer,[,...]|Domain]|@file] [-u
Username [-p Password]]] Username [NewPassword]

however, i cant seem to get it quite right, having a rather dense day!
if we take:-

'domain.local' as the domain
'administrator' as the admin username
'computer1' as the system i want to change the admin password on

what would the command line be for it to work?