I worked up a script to do this recently, and wrapped it as an .hta to help minimize the password exposure. It doesn't store the password, but at least it's obfuscated when you enter it. As far as turning it into a constant process, it doesn't seem like this should be the kind of thing that you'd be doing daily. Even if it was a weekly cycle, I'd rather fully automate it but not at the risk of storing the password in clear text where someone could stumble across it.
I'll try to get the .hta and readme posted in a public area. Hunter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 5:39 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Local admin acct You got me :). Cusrmgr is still the way to go, though. You can do it in batch file as a one-off thing, looping through an input file containing your computernames. Or go the ADSI route, with something like: computername = "thatcomputer" Set chgPass = GetObject("WinNT://" & computername & "/Administrator, user") chgPass.SetPassword "thePassword" chgPass.SetInfo Either way, to make it a constant process, you will have to store the pass somewhere. I'll think of something more elegant. Sincerely, D�j� Ak�m�l�f�, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Sean Johnson Sent: Wed 8/25/2004 1:03 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Local admin acct Unless I'm mistaken everyone has read access to that share, so you're effectively exposing your local admin password to anyone who cares to take a look. On Wed, 25 Aug 2004 12:39:13 -0700, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Get cusrmgr from the Support Tools (or is it Reskit). Put that in the > netlogon share of one of your DCs. > > Then create a batch file with the following: > @Echo off > %logonserver\netlogon\cusrmgr -u administrator -P thepassword goto > :EOF > > Now create (or edit) a GPO that assigns a machine Startup Script and > tell it > to use this batch file. > > Sincerely, > > D�j� Ak�m�l�f�, MCSE MCSA MCP+I > Microsoft MVP - Directory Services > www.readymaids.com - we know IT > www.akomolafe.com > Do you now realize that Today is the Tomorrow you were worried about > Yesterday? -anon > > ________________________________ > > From: [EMAIL PROTECTED] on behalf of Mike Hogenauer > Sent: Wed 8/25/2004 11:54 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Local admin acct > > Curious does anyone have a script that will change the local admin > password on all computers in the domain or point me to a good location? > > Thank You > > Mike > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
