local admin pwd change needed

[Jason]

i don't have sms, i'm on a win2k native domain with 2000pro workstations..

is there a policy or some way i can change all the local admin pwd's on all
these boxes without touching all 500?


thanks

 

[Dinah]

We had no success trying to accomplish this through AD or
policies. You can change the local admin account name,
though.

We each had to take a group and manage each system to
change the password.

I would love to know if there's a way to do this, too.
It's time to change all 480 on our network!

Diane

 

[Steven L Umbach]

If you are going to change the passwords to the same password you can use a Group
Policy startup script using "net administrator newpassword". Startup scripts are
machine policy and you can use different script per OU GPO. Of course the change will
not apply until the computer is rebooted. You can also remove the everyone/users
group from permissions to that startup script so that they can not navigate to the
sysvol share and read it, but make sure that the domain computers group has
permissions to the script. If you need to use different passwords for each computer,
then create a batch file using cusrmgr as described in the KB below. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;272530

 

[Jason]

Steve! Excellent information!

does this work even though the local user is a Domain/Local User and not a
local admin?

Thanks

Jason

 

[Steven L Umbach]

It will work on any LOCAL machine account and I need to correct myself as the command
would be "net user administrator newpassword" as an example. Domain accounts will
need to be changed via Active Directory. The net commands are very helpful. Run net
help "command" to find nmore information on the command such as net help user. ---
Steve