Change a local admin password with Local Security Utility.exe

Change a local admin password with Local Security Utility.exe

Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize!

Have you tried to change a local admin password but missed machines because they weren't on? Here is a compiled .exe utility that gets around that problem: It lets you take a list of machine names from a text file and run a password changer for the local admin accounts, and it runs until completion. In other words, it creates a list of missed machines and machines your account does not have access to and it supplies a running percentage of completions.

The screenshots below give you an idea how the tool works.

First, launch the application "Local Security Utility.exe" and fill in the information prompts:

  1. Enter the account name = The local admin account you want to change.
  2. Enter the new Password = uh, hello? (That's a statement not the answer.)
  3. Enter in a comment (usually: Name, Date) = I put my name and the date. You will see why later but this is so you can track who did what and when.
  4. Enter the text filename (machine names) = Create a text file of the machines to change. I usually pull this from SMS, but you could use any other method of dumping machine names.

After launching the utility, here is the start screen with my info:

As you can see

    Requires Free Membership to View

    Login

    When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.

    Margie Semilof, Editorial Director

    By submitting your registration information to SearchEnterpriseDesktop.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseDesktop.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

in the next screenshot, the utility reads the text file and displays the number of machines in the list. And, we see a perfect example of an account we wanted to change that isn't even an admin on the machine!

Next, we see the utility kicking in and using cusrmgr.exe to change the password. The "could not connect" message means the machine is not on at the time, so we can't change the password. The machine name, however, will get dropped into a miss.txt file that the utility will then read from and continue running until all machines are changed:

The whole time the utility runs, it drops a tracker to the task bar, where you can see what percentage of machines have been hit and changed:

And about 10 minutes later...

You could leave this running for days, but you have to decide the percentage that signals the most coverage or change. To kill the utility window, just close or Ctrl-C to stop the application.

Below is the missed text file, which you can use as a guide on who to target next time, or as an affirmation of who was missed.

I have used this tool to change the local admin password three times at our site, and it has done the job flawlessly each time. Earlier I mentioned adding a name or date to your comments field. This is so you can see who made changes and when changes were made in local users and groups in Microsoft's Management Console:

To recap, there are two things you have to get for this utility to work: the download script listed below and something from the resource named cusrmgr.exe. I looked to see if this script was available as a free download, but it's not, and it's too late to re-engineer the code at this time. If you do have this resource kit tool, create a folder and drop both exes into one folder. You must have an account with access to change the local admin password on your desktops.

Download script:
10601Local Security Utility.zip

This article first appeared in myITforum.com, the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems. The centerpiece of myITforum.com is a collection of member forums where IT professionals actively exchange technical tips, share their expertise and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS). It is part of the TechTarget network of industry specific IT Web sites. To register for the site and sign up for the myITforum.com daily newsletter, click here.

Michael Mott is an SMS administrator for Pfizer Inc. He can be reached at Michael.mott@pfizer.com.

This was first published in April 2005

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top