Q

What is the best way to securely change the local administrator password in a domain?

Identity management and access control expert Joel Dubin unveils how a corporation can change local administrator accounts and passwords on a domain system.

What's the most secure way to go about changing the local administrator password on 300 computers in a domain?
Changing local administrator passwords is a good security practice to keep intruders from getting into workstations and wreaking havoc.

But, keep this in mind if you still want control over the computers on the domain level or through Active Directory.

Make sure to first add your domain administrators group to the local administrator group on the computer before you apply the changes on the workstations. Otherwise, you won't be able to remotely administer the machines through the domain.

There are two automated approaches to changing local administrator accounts and passwords on multiple computers in a domain. One is to write a batch script and, the other, if the machines are running Windows, is to use a tool from Microsoft.

The preferred way is to use the Microsoft tool cusrmgr.exe, which comes as part of the Windows 2000 Resource Kit, but can be used on other Windows versions as well. This is done by using cusrmgr.exe to run a batch script that cycles through the workstations on the domain.

To briefly highlight the script method to present an idea of what's possible, scripts in VBScript and Windows Script Host are available on the Web for searching and updating workstations in an Active Directory domain. A 25-line script can usually do the trick.

For more information:

  • In this tip, Joel Dubin offers best practices and tools for ensuring password compliance.
  • Learn how to securely distribute one-time password tokens.
  • This was first published in November 2007

    Dig deeper on Password Management and Policy

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close