{"id":64523,"date":"2007-07-04T00:32:00","date_gmt":"2007-07-04T00:32:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2007\/07\/04\/how-can-i-change-the-local-administrator-password-on-all-my-computers\/"},"modified":"2007-07-04T00:32:00","modified_gmt":"2007-07-04T00:32:00","slug":"how-can-i-change-the-local-administrator-password-on-all-my-computers","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-change-the-local-administrator-password-on-all-my-computers\/","title":{"rendered":"How Can I Change the Local Administrator Password on All My Computers?"},"content":{"rendered":"

\"Hey, \n

Hey, Scripting Guy! How can I change the local Administrator password on all the computers in my domain?

— AO <\/P>\"Spacer\"\"Hey,\"Script<\/A> \n

Hey, AO. You know, according to the now-classic cartoon punch-line, \u201con the Internet, no one knows if you\u2019re a dog.\u201d To be perfectly honest, the Scripting Guy who writes this column doesn\u2019t care if anyone thinks he\u2019s a dog or not; in fact, that\u2019s a step or two up from the kind of animal he\u2019s usually associated with. Instead, his only concern is whether or not anyone knows if he\u2019s actually working or simply making it look<\/I> like he\u2019s working. And thanks to the Internet, and to a little foresight on his part, as far as everyone knows he\u2019s been hard at work since the middle of last week. In reality, however, he spent all that time in the city of Kennewick, WA, soaking in the sunshine and watching the Scripting Son play in the \u201cBandit Bash\u201d baseball tournament.<\/P>\n\n<\/THEAD>\n\n\n
\n

Note<\/B>. Pop quiz: Try to guess which pitcher got the win in the game that gave the Scripting Son\u2019s team third-place in the tournament.<\/P>\n

Oh, well, you\u2019re right: the Scripting Son was<\/I> the winning pitcher, giving up just one earned run in 5 innings. We didn\u2019t think anyone would be able to guess that.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n

<\/DIV>\n

Unfortunately for the Scripting Guy who writes this column, however, the party\u2019s over: the tournament is complete (although a new one starts in just two days); he no longer gets to sit around and let the Scripting Mom do all the cooking; and \u2013 to add insult to injury \u2013 he\u2019s back at work and faced with the chore of answering another question about system administration scripting. To be perfectly honest, that\u2019s a chore that seems way too daunting after four days of sunshine, baseball, and free food. Could this be the end of Hey, Scripting Guy!<\/I> the daily column?<\/P>\n

Wait, don\u2019t jump: this isn\u2019t the end of Hey, Scripting Guy!<\/I> the daily column after all. Admittedly, the Scripting Guy who writes this column found it hard to get motivated this morning. But then he remembered the words his Scripting Dad told him back on his very first day of kindergarten:<\/P>\n

\u201cSon, someday you\u2019re going to write a daily scripting column and you\u2019re going to be too burned out from baseball, sunshine, and free food to face up to that responsibility. When that time comes, remember this: Active Directory search scripts are a cinch to write, and people love them. When in doubt, toss together an Active Directory search script and call it good. Everyone will be happy, and you\u2019ll only have to put in 10, maybe 15 minutes worth of work.\u201d <\/P>\n

Thanks, Scripting Dad:<\/P>

On Error Resume Next<\/p>\n
Const ADS_SCOPE_SUBTREE = 2<\/p>\n
Set objConnection = CreateObject(“ADODB.Connection”)\nSet objCommand =   CreateObject(“ADODB.Command”)\nobjConnection.Provider = “ADsDSOObject”\nobjConnection.Open “Active Directory Provider”<\/p>\n
Set objCommand.ActiveConnection = objConnection\nobjCommand.CommandText = _\n    “Select Name From ‘LDAP:\/\/DC=fabrikam,DC=com’ Where objectClass=’computer'”  \nobjCommand.Properties(“Page Size”) = 1000\nobjCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE \nSet objRecordSet = objCommand.Execute\nobjRecordSet.MoveFirst<\/p>\n
Do Until objRecordSet.EOF\n    strComputer = objRecordSet.Fields(“Name”).Value<\/p>\n
    Set objUser = GetObject(“WinNT:\/\/” & strComputer & “\/Administrator”)\n    objUser.SetPassword “x%tY7iu8%4f”<\/p>\n
    objRecordSet.MoveNext\nLoop\n<\/PRE>\n
Of course, some of you might be wondering, \u201cWhy would the Scripting Dad tell his son that Active Directory search scripts are easy to write? This actually looks a little complicated to me.\u201d Well, you\u2019re right: this script is<\/I> a little complicated. (Although most of it\u2019s boilerplate code that can be used as-is in almost any Active Directory search script.) However, per some additional advice given by the Scripting Dad many years ago, the Scripting Guys never bother to explain the detailed workings of an Active Directory search script; instead, they simply refer people to the two-part Tales From the Script<\/I> series Dude, Where\u2019s My Printer?<\/B><\/A>That\u2019s<\/I> what makes Active Directory search scripts so easy to write. At least for the Scripting Guys.<\/P>\n\n<\/THEAD>\n\n\n
\n
Note<\/B>. Isn\u2019t that cheating a little bit, to write a daily column that simply points people to an article that was posted several years ago? Sure it is. But that\u2019s OK: on the Internet, no one knows that you\u2019re cheating.<\/P>\n
Well, unless you\u2019re dumb enough to admit<\/I> that you\u2019re cheating. But we doubt that anyone is that<\/I> dumb.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
<\/DIV>\n
In other words, we won\u2019t really talk about the search portion of this script; about all we\u2019ll do is take a peek at the SQL query that returns a collection of all the computers in the fabrikam.com domain:<\/P>
objCommand.CommandText = _\n    “Select Name From ‘LDAP:\/\/DC=fabrikam,DC=com’ Where objectClass=’computer'”  \n<\/PRE>\n
This is actually a pretty straightforward query: we\u2019re simply asking for the Name<\/B> of each and every object in the domain, provided that the object in question has an objectClass<\/B> equal to computer<\/I>. As you might expect, the only objects that have an objectClass equal to computer<\/I> will be computer objects. <\/P>\n
Just like the Scripting Dad said.<\/P>\n
After executing the query we get back a recordset consisting of all the computer accounts in the domain. In order to change the local Administrator password on each of those machines our next step is to set up a Do Until loop that runs until we reach the end of the recordset (or, if you want to show off your knowledge of scripting, until the recordset\u2019s EOF<\/B> \u2013 end-of-file\u2014property is True):<\/P>
Do Until objRecordSet.EOF\n<\/PRE>\n
Inside the loop, we grab the value of the Name field (the property we requested in our SQL query) and assign it to a variable named strComputer; that\u2019s what we do in this line of code:<\/P>
strComputer = objRecordSet.Fields(“Name”).Value\n<\/PRE>\n
Once we have the name of the first computer safely stashed away in strComputer we can then use this<\/I> line of code to bind to the local Administrator account on that machine:<\/P>
Set objUser = GetObject(“WinNT:\/\/” & strComputer & “\/Administrator”)\n<\/PRE>\n
Again, pretty simple and pretty straightforward. Just make sure that you type the WinNT<\/B> provider name exactly as shown; if you type WinNT in any other manner (e.g., WINNT or winnt) the script will fail. After making the connection to the local Administrator account all you have to do is call the SetPassword<\/B> method and assign the account a new password:<\/P>
objUser.SetPassword “x%tY7iu8%4f”\n<\/PRE>\n\n<\/THEAD>\n\n\n
\n
Note<\/B>. Yes, we know: we shouldn\u2019t use the Scripting Son\u2019s middle name as our password. But remember, this is just for demonstration purposes.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
<\/DIV>\n
That\u2019s all we have to do. After changing the password on the first computer we call the MoveNext<\/B> method and move on to the next record in the recordset; we then repeat the process with the second computer in our collection. This continues until we\u2019ve hit each and every computer in the domain.<\/P>\n
Well, OK, in theory<\/I> we\u2019ll hit each and every computer in the domain. In reality, of course, you\u2019re bound to have a few computers that are shut down, offline, or otherwise unavailable. In that case you might want to make a couple of modifications to the script. First, you might want to log each computer name and whether or not you were able to connect to that machine. One easy way to do that is to write this information to a text file; if you don\u2019t know how to write information to a text file, then take a look at this section<\/B><\/A> of the Microsoft Windows 2000 Scripting Guide<\/I>.<\/P>\n
Second, you might want to ping each computer before attempting to bind to the local Administrator account; that will enable the script to run much faster, because it won\u2019t waste time trying to connect to a computer that isn\u2019t even online. So how can<\/I> you ping a computer before trying to connect to it? Take a look at our Multiple\/Remote Computer Scripting Templates<\/B><\/A> for samples.<\/P>\n
In case you\u2019re wondering, the Scripting Guy who writes this column grew up in Kennewick, WA and everyone in his immediate family still lives there; that\u2019s how he managed to score free room and board during the baseball tournament. Kennewick is a nice enough town, although it\u2019s far less famous as a town than it is as home of Kennewick Man<\/B><\/A>, the name given to the remains of a prehistoric man found on the banks of the Columbia River. Kennewick Man has been a figure of considerable controversy, with numerous Native American tribes claiming the 9,300-year-old man as one of their ancestors. To date, however, courts have rejected all of these claims, based in large part \u2013 or so we\u2019ve been told \u2013 on testimony from Peter Costantini, the oldest living Scripting Guy. Peter claims to have graduated from high school with Kennewick Man, and insists that Kennewick Man was not Native American. We\u2019ll have to take Peter\u2019s word on that one.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! How can I change the local Administrator password on all the computers in my domain?— AO Hey, AO. You know, according to the now-classic cartoon punch-line, \u201con the Internet, no one knows if you\u2019re a dog.\u201d To be perfectly honest, the Scripting Guy who writes this column doesn\u2019t care if anyone thinks […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,3,20,5],"class_list":["post-64523","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-scripting-guy","tag-user-accounts","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! How can I change the local Administrator password on all the computers in my domain?— AO Hey, AO. You know, according to the now-classic cartoon punch-line, \u201con the Internet, no one knows if you\u2019re a dog.\u201d To be perfectly honest, the Scripting Guy who writes this column doesn\u2019t care if anyone thinks […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/64523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=64523"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/64523\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=64523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=64523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=64523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}