Title: RE: [ActiveDir] Reset Local Admin Passwords
Hello Scott,
 
If you are talking about the DSRM-Password: SetPW - which is available in W2k SP4 - enables you to remotly reset a DCs DCRM-Password. If you want to run this across all running DCs you can do that as following:
 
for /f %i in ('dsquery * -Filter "(&(objectCategory=Computer)(userAccountControl=532480))" –attr name -q') do setpwd /s:%i /p:[EMAIL PROTECTED]
 
Make sure you extend the script to provide you with logging - you need to make sure that you know if you were unable to reset a DCs DSRM-Password.
 

Gruesse - Sincerely,

Ulf B. Simon-Weidner

  MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
  Weblog: http://msmvps.org/UlfBSimonWeidner

  Website:
http://www.windowsserverfaq.org
  Profile:   http://mvp.support.microsoft.com/profile=""> 
  

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Klassen
Sent: Friday, March 31, 2006 10:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reset Local Admin Passwords

A bit dated I know, but Danish company’s web site seems to have gone kaput.  Does anyone here happen to have a copy of DCPC to share?

 

Scott Klassen

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katrin Wilhelm
Sent: Tuesday, January 31, 2006 3:54 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reset Local Admin Passwords

 

Use a tool call DCPC (DC password changer) freeware you can find it here http://www.danish-company.com/dcpc all you need is the domain admin password and all PC running. – Strait forward and I am changing the password every 2-3 month.

 

Cheers,

Katrin Wilhelm (MCSA)
CVGT Employment & Training Specialists
Australia
E-mail: [EMAIL PROTECTED]


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, 1 February 2006 4:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Reset Local Admin Passwords

 

We do realize the potential risk in this but this request is coming from
a higher authority (my boss). I've been asked to find a way to change it
and I believe that they are going to have the password reset on a
monthly basis.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Laura E. Hunter
Sent: Tuesday, January 31, 2006 11:30 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Reset Local Admin Passwords

> > We currently have about 4 different passwords floating around our
> > domain and we'd like to get it down to a single standard. Any help
> > would be appreciated.
> >
> >

Okay, just to offer a counterpoint to your underlying plan - you do
realise that by using a single local admin password across your
enterprise, if even -one- of those workstations gets the admin password
compromised, the attacker who did so now has local admin rights to every
workstation on your network?  With apologies to Jesper Johannsen[1],
it's one of those "How to get your network hacked in 10 easy steps"
things - if I've just compromised the local admin password of
WorkstationA, what do you think is going to be the very first password I
try when I move on to try and compromise WorkstationB?

 

[1] And additional apologies for the fact that I'm sure I just spelled
his name wrong.

--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

Confidentiality:

The contents contain privileged and/or confidential information intended for the named recipient of this email.

CVGT does not warrant that the contents of any electronically transmitted information will remain confidential.

If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email is prohibited.

If you receive this email in error, please reply to us immediately and delete the document.

Viruses:

 

It is the recipient/client's duties to virus scan and otherwise test the information provided before loading onto any computer system.

No warranty is made that this material is free from computer virus or any other defect or error.

Any loss/damage incurred by using this material is not the sender's responsibility.  CVGTs entire liability will be limited to resupplying the material.

Please contact us at
www.cvgt.com.au for further information regarding this disclaimer.

Reply via email to