Change a local admin password with Local Security Utility.exe

Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize!

Have you tried to change a local admin password but missed machines because they weren't on? Here is a compiled .exe utility that gets around that problem: It lets you take a list of machine names from a text file and run a password changer for the local admin accounts, and it runs until completion. In other words, it creates a list of missed machines and machines your account does not have access to and it supplies a running percentage of completions.

The screenshots below give you an idea how the tool works.

First, launch the application "Local Security Utility.exe" and fill in the information prompts:

1. Enter the account name = The local admin account you want to change.
2. Enter the new Password = uh, hello? (That's a statement not the answer.)
3. Enter in a comment (usually: Name, Date) = I put my name and the date. You will see why later but this is so you can track who did what and when.
4. Enter the text filename (machine names) = Create a text file of the machines to change. I usually pull this from SMS, but you could use any other method of dumping machine names.

After launching the utility, here is the start screen with my info:
[IMAGE]

As you can see in the next screenshot, the utility reads the text file and displays the number of machines in the list. And, we see a perfect example of an account we wanted to change that isn't even an admin on the machine!
[IMAGE]

Next, we see the utility kicking in and using cusrmgr.exe to change the password. The "could not connect" message means the machine is not on at the time, so we can't change the password. The machine name, however, will get dropped into a miss.txt file that ...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Windows XP Pro Guide to converting from Windows XP to Windows 7 Top 5 registry keys for Windows XP Manage the desktop image lifecycle to limit work, ensure security Secure Windows XP before a Windows 7 upgrade Microsoft's August patches run the gamut Hold on to Windows XP at your peril XP stragglers blame hardware costs, new features Your questions answered: The Windows 7 upgrade quandary Windows Vista users get little pricing relief on Windows 7 Vista shops eye quick path to Windows 7, XP shops likely to resist Windows legacy operating systems Windows 7 launches, offers salvation from Vista Admins can wear many hats using Netcat Choosing the best way to install images Ten ways to sell security to management Improve Windows security with our top 10 tips Windows Vista management tutorial Ten ways to selling security to management Vista security option changes to named pipe access Minasi talks Vista security, Windows Server 2008 features Troubleshooting IEEE 1394 bus devices for Windows machines

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Error messages for Windows XP Pro  (SearchEnterpriseDesktop.com) XP key changer  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

the utility will then read from and continue running until all machines are changed:
[IMAGE]

The whole time the utility runs, it drops a tracker to the task bar, where you can see what percentage of machines have been hit and changed:
[IMAGE]

And about 10 minutes later...
[IMAGE]

You could leave this running for days, but you have to decide the percentage that signals the most coverage or change. To kill the utility window, just close or Ctrl-C to stop the application.

Below is the missed text file, which you can use as a guide on who to target next time, or as an affirmation of who was missed.
[IMAGE]

I have used this tool to change the local admin password three times at our site, and it has done the job flawlessly each time. Earlier I mentioned adding a name or date to your comments field. This is so you can see who made changes and when changes were made in local users and groups in Microsoft's Management Console:
[IMAGE]

To recap, there are two things you have to get for this utility to work: the download script listed below and something from the resource named cusrmgr.exe. I looked to see if this script was available as a free download, but it's not, and it's too late to re-engineer the code at this time. If you do have this resource kit tool, create a folder and drop both exes into one folder. You must have an account with access to change the local admin password on your desktops.

Download script:
10601Local Security Utility.zip

This article first appeared in myITforum.com, the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems. The centerpiece of myITforum.com is a collection of member forums where IT professionals actively exchange technical tips, share their expertise and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS). It is part of the TechTarget network of industry specific IT Web sites. To register for the site and sign up for the myITforum.com daily newsletter, click here.