local admin passwords

Archived from groups: microsoft.public.win2000.group_policy (More info?)

we have a single AD w2k domain with all w2k clients, spread over
multiple sites. the local admin username/password has always been set to
the same username/password for admin purposes on all machines.

is it possible to change this password on all of these machines without
visiting them? via group policy or another method?
5 answers Last reply
More about local admin passwords
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    On Thu, 1 Jul 2004 11:18:49 +0100, nevje <nevje@REMOVEyahoo.co.uk> wrote:

    >we have a single AD w2k domain with all w2k clients, spread over
    >multiple sites. the local admin username/password has always been set to
    >the same username/password for admin purposes on all machines.
    >
    >is it possible to change this password on all of these machines without
    >visiting them? via group policy or another method?


    See tip 199 in the 'Tips & Tricks' at http://www.jsiinc.com

    You can also use tip 4195

    Jerold Schulman
    Windows: General MVP
    JSI, Inc.
    http://www.jsiinc.com
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    You can create a startup script and implement it via Group Policy using the "net
    user username newpassword" command. After you put the script in the startup
    folder or folders be sure to remove permissions on for users/everyone and add
    the domain computers group permissions for read.execute. That keeps users from
    navigating to the sysvol share to read the password in the script. Computers
    will receive the new password at the next startup.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;322241

    Otherwise look into using pspasswd from SysInternals that can remotely change
    passwords on computers. You can also use it with the @filename.txt to read from
    a list of computers but the computers in the list need to include the domain
    name in my testing as in server2.mydomain.com. You can also use the \\* and it
    will change password on every active computer in the domain. --- Steve

    http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml

    "nevje" <nevje@REMOVEyahoo.co.uk> wrote in message
    news:MPG.1b4df56322089072989684@news.gradwell.com...
    > we have a single AD w2k domain with all w2k clients, spread over
    > multiple sites. the local admin username/password has always been set to
    > the same username/password for admin purposes on all machines.
    >
    > is it possible to change this password on all of these machines without
    > visiting them? via group policy or another method?
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    In article <yLXEc.8134$XM6.3967@attbi_s53>, n9rou@n0spam-comcast.net
    says...
    > You can create a startup script and implement it via Group Policy using the "net
    > user username newpassword" command. After you put the script in the startup
    > folder or folders be sure to remove permissions on for users/everyone and add
    > the domain computers group permissions for read.execute. That keeps users from
    > navigating to the sysvol share to read the password in the script. Computers
    > will receive the new password at the next startup.
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;322241
    >
    > Otherwise look into using pspasswd from SysInternals that can remotely change
    > passwords on computers. You can also use it with the @filename.txt to read from
    > a list of computers but the computers in the list need to include the domain
    > name in my testing as in server2.mydomain.com. You can also use the \\* and it
    > will change password on every active computer in the domain. --- Steve
    >
    > http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml
    >
    thanks for that .... im having a problem with the syntax when trying
    pspasswd - its says the syntax is as follows:-

    Usage: pspasswd [\\[computer[,computer,[,...]|Domain]|@file] [-u
    Username [-p Password]]] Username [NewPassword]

    however, i cant seem to get it quite right, having a rather dense day!
    if we take:-

    'domain.local' as the domain
    'administrator' as the admin username
    'computer1' as the system i want to change the admin password on

    what would the command line be for it to work?
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    If you have only one domain and are logged on as a domain admin for that
    domain try " pspasswd \\computer1 administrator newpassword " that works for
    me. You can also use " pspasswd \\computer1.domain.local administrator
    newpassword ". If you are not logged onto a computer with an account that
    has local administrator rights on the target computer but know the
    credentials for an administrator account on the target computer try "
    pspasswd \\computer1 -u administrator -p xxxx administrator newpassword
    .. --- Steve


    "nevje" <nevje@REMOVEyahoo.co.uk> wrote in message
    news:MPG.1b548e877e8a9993989685@news.gradwell.com...
    > In article <yLXEc.8134$XM6.3967@attbi_s53>, n9rou@n0spam-comcast.net
    > says...
    > > You can create a startup script and implement it via Group Policy using
    the "net
    > > user username newpassword" command. After you put the script in the
    startup
    > > folder or folders be sure to remove permissions on for users/everyone
    and add
    > > the domain computers group permissions for read.execute. That keeps
    users from
    > > navigating to the sysvol share to read the password in the script.
    Computers
    > > will receive the new password at the next startup.
    > >
    > > http://support.microsoft.com/default.aspx?scid=kb;en-us;322241
    > >
    > > Otherwise look into using pspasswd from SysInternals that can remotely
    change
    > > passwords on computers. You can also use it with the @filename.txt to
    read from
    > > a list of computers but the computers in the list need to include the
    domain
    > > name in my testing as in server2.mydomain.com. You can also use the \\*
    and it
    > > will change password on every active computer in the domain. --- Steve
    > >
    > > http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml
    > >
    > thanks for that .... im having a problem with the syntax when trying
    > pspasswd - its says the syntax is as follows:-
    >
    > Usage: pspasswd [\\[computer[,computer,[,...]|Domain]|@file] [-u
    > Username [-p Password]]] Username [NewPassword]
    >
    > however, i cant seem to get it quite right, having a rather dense day!
    > if we take:-
    >
    > 'domain.local' as the domain
    > 'administrator' as the admin username
    > 'computer1' as the system i want to change the admin password on
    >
    > what would the command line be for it to work?
  5. you can try a tool we are using called autocipher. It changes the local admin password on every machine to a unique value and let's you retrieve the password when you require it. No one in the organization knows the password, till someone requires it. It then generates and audit trail for the person that requested the password. Take a look (www.autocipher.com)
Ask a new question

Read More

Policy Domain Microsoft Windows