«

»

Jul 06

Remotely change local Administrator password on all domain computers

Even computer is joined with domain controller, Sysadmins are used to keep local Administrator account as a backup login account to log into the computer when domain controller is not available. However it is really important to change local Administrator password periodically to comply with company security standards.

Manually changing the local Admin password is very hard process, you can use GPOs but server 2012 and on wards this option is not available as passwords are stored on clear text without encrypting it, so in GPOs password field should be grey out if you are already checked that . If you are  using domain controller prior to server 2012 you can try GPO option methods read this for more details .However there are  lots of third party tools are available to make this process automate. Even Microsoft also introduce tool called  local administrator password solution (laps) which can be integrated with Group policies, but need to modify domain schema, however it will not discuss here, if you are interest about LAPS please follow this article of official Microsoft resource.

 

Here I’m going to shows you how to remotely change local Administrator password on all domain computers automatically without installing additional software or making no modification to domain controller. below is the our lab environment.

Domain controller :- WIndows server 2012 R2
Domain computers :- Windows 7,8,and 8.1

 

01) Get domain PCs

i) log into domain controller and open Powershell.

ii) type following command to get all client PCs managed by domain controller.

Copy output into notepad and save it as txt ex:- domainpc.txt

02) Download PSTools

Download latest tool set from here and extract it. Don’t forget to copy domainpc.txt into extract folder of PSTools.

03) Change Local Administrator password on computers

i) Open command prompt and go to extract PSTools folder.

ii) Type following command

[YOURDOMAIN] :- Active Directory domain Name
[REMOTE ADMIN ACCOUNT] :- this most probably ‘Administrator’ if you need to change other local account, specify it here
[NEW PASSWORD] :- New password for the account

ex:-

Once you enter the command it will ask Domain Administrator password, type the password and press enter if you need to get output into file, you need to append following to above command

ex:-

 

 

6 comments

Skip to comment form

  1. Rob

    Thanks for this! Two questions, will the script continue to run if a computer from the list is not powered on? How can a get a log for completed or failed computers?

    1. admin

      powered off computers will not be affected.
      it takes 10-30 seconds to apply to a single computer (simply it depends on network connectivity )

  2. Casey

    How secure is this method? Is there some sort of encryption when doing this? Who can see the password when I send this command?

    1. admin

      it’s not encrypted at all. This method is simple, but if you have concern about security, you can try Local Administrator Password Solution (LAPS)
      (https://www.microsoft.com/en-us/download/details.aspx?id=46899)

      1. Ken

        Nonsense. It does not send passwords in cleartext. LAPS is preferred, but pspasswd works if can’t implement LAPS. I’m only replying to this old thread because it’s not accurate and may dissuade people from using pspasswd for the wrong reasons.

  3. Mahmoud ElSlamony

    Really, i applied the above steps to change the local administrator password of all domain computers, through login to local administrator account of domain computer not through domain controller, it changed successfully for all domain computers, i wondered how the local administrator of any domain computer can change local administrators password of other computers.

Leave Your Thought Here