Can a non-administrator change the local administrator password on 50 workstations?
I need to change the local Administrator password on 50 computers and I want to do so using the logon script. I tried to use cryptpwd.exe, but you need administrator rights for it to work. Is there a way to make it work when the users log in to the network?
My initial reaction is to ask why a non-administrator is changing the local administrator password on 50 workstations. Generally, only administrators should know the local administrator account password. If that's the case, then you can use cryptpwd
from any workstation in the domain to handle setting the local account passwords on the desired workstations.
Another issue that concerns me is I assume the script you want to run at log in would contain a cleartext version of the local administrator password. It's generally not good practice to have files containing this type of data reside on workstations for any length of time. If you need to distribute the script to multiple workstations, you should do so from a centralized workstation once and then remove the file yourself.
- Identify proper provisioning procedures in this excerpt from Chapter 5 of The Definitive Guide to Security Management, by Dan Sullivan.
- Learn how to manage password requests and resets, with this Ask the Expert Q&A.
This was first published in April 2006