Manage Learn to apply best practices and optimize your operations.

Change a local admin password with Local Security Utility.exe

Whether machines are off or on, here's a tool that lets you run a password changer for local admin accounts and gives you a running percentage of completions as well.

Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize!

Have you tried to change a local admin password but missed machines because they weren't on? Here is a compiled .exe utility that gets around that problem: It lets you take a list of machine names from a text file and run a password changer for the local admin accounts, and it runs until completion. In other words, it creates a list of missed machines and machines your account does not have access to and it supplies a running percentage of completions.

The screenshots below give you an idea how the tool works.

First, launch the application "Local Security Utility.exe" and fill in the information prompts:

  1. Enter the account name = The local admin account you want to change.
  2. Enter the new Password = uh, hello? (That's a statement not the answer.)
  3. Enter in a comment (usually: Name, Date) = I put my name and the date. You will see why later but this is so you can track who did what and when.
  4. Enter the text filename (machine names) = Create a text file of the machines to change. I usually pull this from SMS, but you could use any other method of dumping machine names.

After launching the utility, here is the start screen with my info:

As you can see in the next screenshot, the utility reads the text file and displays the number of machines in the list. And, we see a perfect example of an account we wanted to change that isn't even an admin on the machine!

Next, we see the utility kicking in and using cusrmgr.exe to change the password. The "could not connect" message means the machine is not on at the time, so we can't change the password. The machine name, however, will get dropped into a miss.txt file that the utility will then read from and continue running until all machines are changed:

The whole time the utility runs, it drops a tracker to the task bar, where you can see what percentage of machines have been hit and changed:

And about 10 minutes later...

You could leave this running for days, but you have to decide the percentage that signals the most coverage or change. To kill the utility window, just close or Ctrl-C to stop the application.

Below is the missed text file, which you can use as a guide on who to target next time, or as an affirmation of who was missed.

I have used this tool to change the local admin password three times at our site, and it has done the job flawlessly each time. Earlier I mentioned adding a name or date to your comments field. This is so you can see who made changes and when changes were made in local users and groups in Microsoft's Management Console:

To recap, there are two things you have to get for this utility to work: the download script listed below and something from the resource named cusrmgr.exe. I looked to see if this script was available as a free download, but it's not, and it's too late to re-engineer the code at this time. If you do have this resource kit tool, create a folder and drop both exes into one folder. You must have an account with access to change the local admin password on your desktops.

Download script:
10601Local Security

This article first appeared in, the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems. The centerpiece of is a collection of member forums where IT professionals actively exchange technical tips, share their expertise and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS). It is part of the TechTarget network of industry specific IT Web sites. To register for the site and sign up for the daily newsletter, click here.

Michael Mott is an SMS administrator for Pfizer Inc. He can be reached at

Dig Deeper on Windows legacy operating systems

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.