How to change local admin password for all domain computers
1 2 3 4 5 6 7 8 9 10 11 12 |
$computers = Get-Content -Path "pcs.txt" $useracct = "Administrator" $password = "yournewpassword" foreach ($computer in $computers) { Write-Host "Setting $useracct's password on $computer" $user = [adsi]"WinNT://$computer/$useracct,user" $user.SetPassword($password) $user.SetInfo() Write-Host "Password set on $computer" } |
Microsoft has a Powershell script that will change the local admin account passwords on a list of PCs. The issue is that it creates a random password for each machine and saves it to AD, so this requires that you expand your AD Schema to make it work. That script is here.
This code block I found (somewhere on Stack I think) uses the same method as the MS script, so it seems safe, just add all your PCs to the pcs.txt, with one on each line.
This script is very simple but does work. If a machine is offline then the password will not be updated, and currently errors are not logged anywhere. There is also no error handling so the errors are quite ugly.
Run this as a domain admin somewhere, and obviously don’t put it where a normal user can open it and see the password.