Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
There are several ways of doing this. You can spend hours of your time creating a batch, WSH or VB script that searches for all the variables needed to change the local admin password on your network, or you can save time and effort by using the utility call cryptpwd.exe provided in the NT and 2000 Resource kits. I recommend using the cryptpwd.exe approach unless you want to impress your boss with your scripting abilities.
Here is how you can use cryptpwd.exe to change the entire domain's local admin accounts. First you need to create a simple text file with the list of computers you wish to change (you can get a list of the computers in your domain from server manager or active directory if you are using Windows 2000). Next, you need to create a simple batch file and add the following line:
For /F %%x in (sampletext.txt) do cryptpwd - m %%x -P changedpassSubstitute "sampletext.txt" with the name of the text file you created and changedpass with the new password you wish to use. Save the batch file, the text file and the cryptpwd.exe file in the same directory and you are ready to change you company's local admin passwords. You can run this from an account that has domain admin rights or you can get creative and put this in a login script. I prefer to run it from my desktop. Cryptpwd also provides you with additional switches you can use to change the local admin username as well.
For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Securing Microsoft applications
Best Web Links: Passwords
This was first published in April 2002