Tip

Change a local admin password with Local Security Utility.exe

Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize!


Have you tried to change a local admin password but missed machines because they weren't on? Here is a compiled .exe utility that gets around that problem: It lets you take a list of machine names from a text file and run a password changer for the local admin accounts, and it runs until completion. In other words, it creates a list of missed machines and machines your account does not have access to and it supplies a running percentage of completions.

The screenshots below give you an idea how the tool works.

First, launch the application "Local Security Utility.exe" and fill in the information prompts:

  1. Enter the account name = The local admin account you want to change.
  2. Enter the new Password = uh, hello? (That's a statement not the answer.)
  3. Enter in a comment (usually: Name, Date) = I put my name and the date. You will see why later but this is so you can track who did what and when.
  4. Enter the text filename (machine names) = Create a text file of the machines to change. I usually pull this from SMS, but you could use any other method of dumping machine names.

After launching the utility, here is the start screen with my info:

As you can see in the next screenshot, the utility reads the text file and displays the number of machines in the list. And, we see a perfect example of an account we wanted to change that isn't even an admin on the machine!

Next, we see the utility kicking in and using cusrmgr.exe to change the password. The "could not connect" message means the machine is not on at the time, so we can't change the password. The machine name, however, will get dropped into a miss.txt file that the utility will then read from and continue running until all machines are changed:

The whole time the utility runs, it drops a tracker to the task bar, where you can see what percentage of machines have been hit and changed:

And about 10 minutes later...

You could leave this running for days, but you have to decide the percentage that signals the most coverage or change. To kill the utility window, just close or Ctrl-C to stop the application.

Below is the missed text file, which you can use as a guide on who to target next time, or as an affirmation of who was missed.

I have used this tool to change the local admin password three times at our site, and it has done the job flawlessly each time. Earlier I mentioned adding a name or date to your comments field. This is so you can see who made changes and when changes were made in local users and groups in Microsoft's Management Console:

To recap, there are two things you have to get for this utility to work: the download script listed below and something from the resource named cusrmgr.exe. I looked to see if this script was available as a free download, but it's not, and it's too late to re-engineer the code at this time. If you do have this resource kit tool, create a folder and drop both exes into one folder. You must have an account with access to change the local admin password on your desktops.

Download script:
10601Local Security Utility.zip

This article first appeared in myITforum.com, the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems. The centerpiece of myITforum.com is a collection of member forums where IT professionals actively exchange technical tips, share their expertise and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS). It is part of the TechTarget network of industry specific IT Web sites. To register for the site and sign up for the myITforum.com daily newsletter, click here.


Michael Mott is an SMS administrator for Pfizer Inc. He can be reached at Michael.mott@pfizer.com.

This was first published in April 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.