local admin passwords

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

we have a single AD w2k domain with all w2k clients, spread over
multiple sites. the local admin username/password has always been set to
the same username/password for admin purposes on all machines.

is it possible to change this password on all of these machines without
visiting them? via group policy or another method?

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

On Thu, 1 Jul 2004 11:18:49 +0100, nevje <nevje@REMOVEyahoo.co.uk> wrote:

>we have a single AD w2k domain with all w2k clients, spread over
>multiple sites. the local admin username/password has always been set to
>the same username/password for admin purposes on all machines.
>
>is it possible to change this password on all of these machines without
>visiting them? via group policy or another method?


See tip 199 in the 'Tips & Tricks' at http://www.jsiinc.com

You can also use tip 4195

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

You can create a startup script and implement it via Group Policy using the "net
user username newpassword" command. After you put the script in the startup
folder or folders be sure to remove permissions on for users/everyone and add
the domain computers group permissions for read.execute. That keeps users from
navigating to the sysvol share to read the password in the script. Computers
will receive the new password at the next startup.

http://support.microsoft.com/default.aspx?scid=kb;en-us;322241

Otherwise look into using pspasswd from SysInternals that can remotely change
passwords on computers. You can also use it with the @filename.txt to read from
a list of computers but the computers in the list need to include the domain
name in my testing as in server2.mydomain.com. You can also use the \\* and it
will change password on every active computer in the domain. --- Steve

http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml

"nevje" <nevje@REMOVEyahoo.co.uk> wrote in message
news:MPG.1b4df56322089072989684@news.gradwell.com...
> we have a single AD w2k domain with all w2k clients, spread over
> multiple sites. the local admin username/password has always been set to
> the same username/password for admin purposes on all machines.
>
> is it possible to change this password on all of these machines without
> visiting them? via group policy or another method?

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

In article <yLXEc.8134$XM6.3967@attbi_s53>, n9rou@n0spam-comcast.net
says...
> You can create a startup script and implement it via Group Policy using the "net
> user username newpassword" command. After you put the script in the startup
> folder or folders be sure to remove permissions on for users/everyone and add
> the domain computers group permissions for read.execute. That keeps users from
> navigating to the sysvol share to read the password in the script. Computers
> will receive the new password at the next startup.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;322241
>
> Otherwise look into using pspasswd from SysInternals that can remotely change
> passwords on computers. You can also use it with the @filename.txt to read from
> a list of computers but the computers in the list need to include the domain
> name in my testing as in server2.mydomain.com. You can also use the \\* and it
> will change password on every active computer in the domain. --- Steve
>
> http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml
>
thanks for that .... im having a problem with the syntax when trying
pspasswd - its says the syntax is as follows:-

Usage: pspasswd [\\[computer[,computer,[,...]|Domain]|@file] [-u
Username [-p Password]]] Username [NewPassword]

however, i cant seem to get it quite right, having a rather dense day!
if we take:-

'domain.local' as the domain
'administrator' as the admin username
'computer1' as the system i want to change the admin password on

what would the command line be for it to work?

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

If you have only one domain and are logged on as a domain admin for that
domain try " pspasswd \\computer1 administrator newpassword " that works for
me. You can also use " pspasswd \\computer1.domain.local administrator
newpassword ". If you are not logged onto a computer with an account that
has local administrator rights on the target computer but know the
credentials for an administrator account on the target computer try "
pspasswd \\computer1 -u administrator -p xxxx administrator newpassword
.. --- Steve


"nevje" <nevje@REMOVEyahoo.co.uk> wrote in message
news:MPG.1b548e877e8a9993989685@news.gradwell.com...
> In article <yLXEc.8134$XM6.3967@attbi_s53>, n9rou@n0spam-comcast.net
> says...
> > You can create a startup script and implement it via Group Policy using
the "net
> > user username newpassword" command. After you put the script in the
startup
> > folder or folders be sure to remove permissions on for users/everyone
and add
> > the domain computers group permissions for read.execute. That keeps
users from
> > navigating to the sysvol share to read the password in the script.
Computers
> > will receive the new password at the next startup.
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;322241
> >
> > Otherwise look into using pspasswd from SysInternals that can remotely
change
> > passwords on computers. You can also use it with the @filename.txt to
read from
> > a list of computers but the computers in the list need to include the
domain
> > name in my testing as in server2.mydomain.com. You can also use the \\*
and it
> > will change password on every active computer in the domain. --- Steve
> >
> > http://www.sysinternals.com/ntw2k/freeware/pspasswd.shtml
> >
> thanks for that .... im having a problem with the syntax when trying
> pspasswd - its says the syntax is as follows:-
>
> Usage: pspasswd [\\[computer[,computer,[,...]|Domain]|@file] [-u
> Username [-p Password]]] Username [NewPassword]
>
> however, i cant seem to get it quite right, having a rather dense day!
> if we take:-
>
> 'domain.local' as the domain
> 'administrator' as the admin username
> 'computer1' as the system i want to change the admin password on
>
> what would the command line be for it to work?

 

[bbrbrp]

you can try a tool we are using called autocipher. It changes the local admin password on every machine to a unique value and let's you retrieve the password when you require it. No one in the organization knows the password, till someone requires it. It then generates and audit trail for the person that requested the password. Take a look (www.autocipher.com)