Problem solve Get help with specific problems with your technologies, process and projects.

Can a non-administrator change the local administrator password on 50 workstations?

In this network security Ask the Expert Q&A our resident expert discusses if it's possible to use the login script to change the local admin password.

I need to change the local Administrator password on 50 computers and I want to do so using the logon script. I tried to use cryptpwd.exe, but you need administrator rights for it to work. Is there a way to make it work when the users log in to the network?
My initial reaction is to ask why a non-administrator is changing the local administrator password on 50 workstations. Generally, only administrators should know the local administrator account password. If that's the case, then you can use cryptpwd from any workstation in the domain to handle setting the local account passwords on the desired workstations.

Another issue that concerns me is I assume the script you want to run at log in would contain a cleartext version of the local administrator password. It's generally not good practice to have files containing this type of data reside on workstations for any length of time. If you need to distribute the script to multiple workstations, you should do so from a centralized workstation once and then remove the file yourself.

More Information

  • Identify proper provisioning procedures in this excerpt from Chapter 5 of The Definitive Guide to Security Management, by Dan Sullivan.
  • Learn how to manage password requests and resets, with this Ask the Expert Q&A.
This was last published in April 2006

Dig Deeper on Web authentication and access control

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.