How to reset local administrator passwords in a Windows Domain

**Inigo** · 19-11-2010

I would like to explain how it works (via WSH) to change / reset the local administrator password of more computers in the domain. First of all, keep in mind that the operations will be performed using a domain account that has at least local administrative rights on client computers on the network. The next step is to download from scripts section, these two vbs:

Change Local Administrator password on all computers in a list
List all users and computers and within an Sub-OU's

You can observe the main script which would be like "Change Local Administrator Password On All Computers In A List" and is designed to connect to all client computers on the network by resetting / changing the password of "Administrator" local. The secondary script "List All Computers and Users OU And within an Subous" instead is supportive and will be used to extrapolate easily from Active Directory the list of all computers to be subjected to "treatment". The next step is, if you have not already done so, remove the script above and extract to any folder, for convenience let's say you extract the folder "C: \ Scripts".

**Inigo** · 20-11-2010

Extraction of the computer account from Active Directory - "Change Local Administrator Password On All Computers In A List" needs to have as input a text file named Computers.txt containing the names of all computers on which to change this password, so you will need to obtain a prior information. Doing so is very simple, Edit the script "List All Computers and Users OU And Within An Subous" and change the parameters. That is the variable with which to set the depth of research, namely the number of tiers from the base DN (the next variable) in which the objects will be searched. This variable is useful if you are interested in extracting only a part of all the computers contained in a tree of organizational units. In any case, simply set this variable to a number high enough to ensure the development of all organizational units.

Code:

"SELECT Name FROM 'LDAP: / / ou = Computers, ou = Root, dc = domain, dc = lan' WHERE objectCategory = 'Computer'"

This is the path to LDAP script that will use as a starting point (base dn) for the extraction of the account. For those who do not know OU is used to declare the name of an Organizational Unit (OU) and DC need to declare the Domain Component (the components of the domain name).

**Inigo** · 20-11-2010

Below you can see the structure of a fictitious domain to be taken as a reference for setting the two variables just mentioned:

Save and close the editing of the script when you think it is fair and appropriate to your needs. Run it (from a command prompt opened previously) using the command:

cscript list_all_computers_along_users_including_an_ou_and_subous.vbs> Computers.txt

the final part> Computers.txt will completely redirect the output of the script in the text file Computers.txt (unless there is created). The first three lines show the version of WSH and we do not need, delete them and save the file. Computers.txt is now ready to be provided as input to "Change Local Administrator Password On All Computers In A List". Now that we've created the file Computers.txt all the work is already done. All that remains is to run the script "Change Local Administrator Password On All Computers In A List" with cscript (in this case could be enough to start Wscript and then just double click the vbs file).

cscript change_local_administrator_password_every_computers_in_list.vbs

Wait until the window appears telling you that the script is finished. You can then access the two log files:

errors.txt
changedpwd.txt

In the former you will find the report of errors encountered during the execution of commands.

The second one shows which computer was successfully changed the password of local administrator.

With errors.txt file, there will also be possible to distinguish the computer on which you have access through your user credentials from those to which access is not simply because they are extinct or missing. The only recommendation in such scenario that I make is to pay particular attention to the password set to go through this script, if you are active in the domain password policy on it is good that we respect them otherwise you could end up with a blank file and errors changepwd.txt full of numerical errors are difficult to understand.