Ask the Expert

Can a non-administrator change the local administrator password on 50 workstations?

I need to change the local Administrator password on 50 computers and I want to do so using the logon script. I tried to use cryptpwd.exe, but you need administrator rights for it to work. Is there a way to make it work when the users log in to the network?

    Requires Free Membership to View

My initial reaction is to ask why a non-administrator is changing the local administrator password on 50 workstations. Generally, only administrators should know the local administrator account password. If that's the case, then you can use cryptpwd from any workstation in the domain to handle setting the local account passwords on the desired workstations.

Another issue that concerns me is I assume the script you want to run at log in would contain a cleartext version of the local administrator password. It's generally not good practice to have files containing this type of data reside on workstations for any length of time. If you need to distribute the script to multiple workstations, you should do so from a centralized workstation once and then remove the file yourself.

More Information

  • Identify proper provisioning procedures in this excerpt from Chapter 5 of The Definitive Guide to Security Management, by Dan Sullivan.
  • Learn how to manage password requests and resets, with this Ask the Expert Q&A.

This was first published in April 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: