VBScript program to reset the local Administrator password on all workstations in the domain to the
same value. The program documents all activity, including workstations that could not be contacted or
on which the password could not be reset, to a log file. The NetBIOS names of all computers where the
password was not reset are also written to a "missed" file. The next time the program is run,
only the computers listed in this file will be processed. The program can be run repeatedly until this
file is empty, meaning that the local Administrator password has been reset on all workstations.
If there is not a text file of "missed" computers from a previous execution of the program, the program uses ADO to retrieve the NetBIOS names of all computers that do not have the string "server" in the value of the operatingSystem attribute. This should skip all member servers and domain controllers. If there is a file of "missed" computers, only the computers listed in that file are processed. If desired, you could start with a "missed" file that lists only the computers you want processed. For example, you could create a file with the NetBIOS names of computers in only one Organizational Unit.
For each computer the program first pings the machine to check if it is available. Then the program binds to the local Administrator user and resets the password. All activity is logged to a log file. If the password is not reset, the NetBIOS name of the computer is written to the text file of "missed" computers. The text file of "missed" computers is re-written every time the program runs.
The new password, the name and path of the log file, and the name and path of the "missed" computers file are hard coded in the program. You need to make sure these values are appropriate for you. The first time the program is run it attempts to reset the local Administrator password for all workstations in the domain, unless you create a "missed" computers file first. The program will indicate how many passwords were reset successfully and how many computers were missed. If any computers were missed you can run the program again repeatedly until there are no missed computers.
The local Administrator password will not be reset in the following cases: The computer is not available (turned off or otherwise not authenticated to the domain), you lack permission to reset the password, the program is blocked by a firewall, or the local Administrator user has been renamed. In some cases you will not be able to reset the password until you correct the situation. In many cases you will need to wait until the computer is available. If you have renamed the local Administrator user on all of your workstations, you can replace "Administrator" in the program with your particular local account name.
ResetLocalAdminPwds.txt <<-- Click here to view or download the program
Another program has been developed, identical to the one above, but this one identifies the local Administrator user by the well-known RID. All local users on each computer are enumerated until the one with a RID (the last 4 bytes of the objectSID) equal to "500" (decimal) is found (the value is "F4010000" in hexadecimal). This is the Administrator user. This modification is useful if your Administrator user could have been renamed, or the local language is not English. This program works no matter what the name of the local Administrator user is.
ResetLocalAdminPwds2.txt <<-- Click here to view or download the program