Comments on: Change the local administrator password on LOTS of domain machines.

By: DarenGMcDougal

DarenGMcDougal — Thu, 10 Nov 2011 06:47:32 +0000

O yeah! Im so interesting of this.talking about the user startup script that maps their drives.It changes the passwords to a random password that meets the criteria you define, and logs which machine got which password.

By: BBRB

BBRB — Sun, 21 Sep 2008 15:24:37 +0000

Try using autocipher (www.autocipher.com). It will change the local administrator password on every machine to unique value and make it avilable on-demand. This way no one knows the password on any machine.

By: El Di Pablo

El Di Pablo — Sun, 13 Apr 2008 02:29:19 +0000

Oh yes. I thought you were talking about the user startup script that maps their drives.

By: AskTheAdmin

AskTheAdmin — Sat, 12 Apr 2008 00:02:08 +0000

Nice. Pharcide and Joe G! Way to contribute.

By: pharcide

pharcide — Fri, 11 Apr 2008 23:32:33 +0000

gpo*

By: pharcide

pharcide — Fri, 11 Apr 2008 23:32:10 +0000

as a "computer" startup script in the gop, the script executes when the COMPUTER starts up or shuts down. It executes in context of "Local System Account". so this occurs before the user logs in

By: AskTheAdmin

AskTheAdmin — Fri, 11 Apr 2008 23:31:11 +0000

Wow! Someone is paying attention :)

Yeah when I confronted him he got all cocky and obnoxious. So he got the axe.

By: pharcide

pharcide — Fri, 11 Apr 2008 23:26:51 +0000

no, you put it in the computer start up scripts not the user, therefore it does not have that problem

By: El Di Pablo

El Di Pablo — Fri, 11 Apr 2008 22:30:37 +0000

The problem with that is the startup script is ran as the user. If they don't have local admin rights this will not work.

By: pharcide

pharcide — Fri, 11 Apr 2008 22:02:54 +0000

hey, i've done this before and i believe there is a much easier way. Just create a batch file, something like "net user administrator " and put it in the GPO for computers under startup scripts. When the computers restart (which you can also do with some commands) the admin password will be changed. Let me know what you think. Now this might be a problem if you need it done immediately and can't restart everyone's computers ;)

By: Peter

Peter — Fri, 11 Apr 2008 20:17:03 +0000

Was this the end result of the failed backup incident?

By: Joe G.

Joe G. — Fri, 11 Apr 2008 17:11:16 +0000

There is a script posted to Curtis Washington's site that handles failed machines by logging them, and can search your domain for machines to change passwords on based on their computer names (you can define the filter criteria). It changes the passwords to a random password that meets the criteria you define, and logs which machine got which password.

You can find it here: http://tinyurl.com/5n7nbr “>http://tinyurl.com/5n7nbr

I have used a modified version of this (I prefer the same administrator password on all workstations) for quite a while now, and it works great for me.

By: Joe G.

Joe G. — Fri, 11 Apr 2008 17:11:16 +0000

You can find it here: http://tinyurl.com/5n7nbr “>http://tinyurl.com/5n7nbr

I have used a modified version of this (I prefer the same administrator password on all workstations) for quite a while now, and it works great for me.

By: El Di Pablo

El Di Pablo — Fri, 11 Apr 2008 15:25:28 +0000

I had to do that a while back too ( http://www.bauer-power.net/2007/09/changing-local…“>). “>http://www.bauer-power.net/2007/09/changing-local…). I used pspasswd and a list of computers. The good thing about that is the script didn't halt if people's machines weren't turned on.

By: El Di Pablo

El Di Pablo — Fri, 11 Apr 2008 15:25:28 +0000