Mr. Roboto

Password Please?

The PWDMan tool can help make changing the password settings on multiple systems a breeze.

Do you remember the last time you changed your administrator password? How about all the time it takes to change password settings on 10, 100 or 500 systems? You know how important it is to remind your users to change their passwords, but one of the most common -- and commonly overlooked -- administrative tasks is changing the password on the local administrator account on domain member desktops and servers.

Roboto on Demand

If you'd like to download the PWDMan tool, just log on to: http://jdhitsolutions.com

Fortunately, you can do this easily with VBScript and ADSI. Not comfortable with scripting? Never fear. I've wrapped up all the functionality you'll need in an HTA called PWDMan. It only requires that you have remote administrative access and Windows XP. (The tool will run on Windows 2000, but you'll lose a few features.)

With PWDMan, you can query a single computer or a list of computers to determine the age of the local administrator account's password and see if it's time for a change. In the drop-down box, enter either the name of a computer or the name of a text file with a list of computer names. Be sure to include the full path if the file is not in the same directory as PWDMan. You can also click the "Browse" button to find the text file.

PWDMan

If you're following security best practices, you've renamed the local administrator account. If so, change the name of the account under Account Information. PWDMan will check the password age of the specified account on all computers in your list. You don't need to actually enter any passwords until you're ready to change them.

Ready to Run

PWDMan has two runtime options. You can verify that the computer is indeed up and running first with a ping before you try to change anything. This feature uses the Win32_PingStatus class (which is unavailable in Windows 2000).

You can also create a text list of any computer that fails. This helps you go back later and manually check those machines to see why the change didn't take. PWDMan creates a log file with a unique name using a time stamp in the same directory as PWDMan. When you're ready, select "Report Only," click the "Go" button, then sit back and watch. PWDMan will display its progress and create a simple report that you can print or export to a .CSV file.
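The "Report Only" pass described above can be sketched in PowerShell with the same building blocks the article names: ADSI for the password age and Win32_PingStatus for the reachability check. This is an added example, not PWDMan's own code; the computers.txt input file, the 90-day threshold and the output file names are assumptions.

```powershell
# Added example (not PWDMan's code): report-only password-age audit.
param(
    [string]$ComputerList = '.\computers.txt',  # assumed: one computer name per line
    [string]$AccountName  = 'Administrator',    # change if the account was renamed
    [int]$MaxAgeDays      = 90                  # assumed threshold, not from the article
)

$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$failLog = Join-Path $PSScriptRoot "failed-$stamp.txt"   # hypothetical file names
$report  = Join-Path $PSScriptRoot "pwdage-$stamp.csv"

function New-Row($Computer, $AgeDays, $Status) {
    [pscustomobject]@{ Computer = $Computer; Account = $AccountName; AgeDays = $AgeDays; Status = $Status }
}

$results = foreach ($line in Get-Content -Path $ComputerList) {
    $computer = $line.Trim()
    if (-not $computer) { continue }
    # Names go into a WQL filter and an ADSI path, so reject anything unexpected.
    if ($computer -notmatch '^[A-Za-z0-9._-]+$') {
        Add-Content -Path $failLog -Value $computer
        New-Row $computer $null 'Invalid name'
        continue
    }

    # Ping first with Win32_PingStatus; StatusCode 0 means the host replied.
    $ping = Get-CimInstance -ClassName Win32_PingStatus -Filter "Address='$computer'"
    if ($ping.StatusCode -ne 0) {
        Add-Content -Path $failLog -Value $computer
        New-Row $computer $null 'No ping reply'
        continue
    }

    try {
        # The WinNT provider returns PasswordAge in seconds.
        $user = [ADSI]"WinNT://$computer/$AccountName,user"
        $seconds = $user.PasswordAge.Value
        if ($null -eq $seconds) { throw "Account '$AccountName' not readable" }
        $ageDays = [math]::Round($seconds / 86400, 1)
        $status = if ($ageDays -gt $MaxAgeDays) { 'Change due' } else { 'OK' }
        New-Row $computer $ageDays $status
    } catch {
        Add-Content -Path $failLog -Value $computer
        New-Row $computer $null "Error: $($_.Exception.Message)"
    }
}

$results | Export-Csv -Path $report -NoTypeInformation
$results | Format-Table -AutoSize
```

The script only reads the password age and changes nothing on the target machines; run it as a saved .ps1 file so the log and CSV land beside the script.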

When you're ready to actually change the password, select that option. Enter and confirm the new password. PWDMan will mask the password, but because you're making such a major change to your network, PWDMan has a "Show Password" button you can use for a sanity check before you pull the trigger.

When you click "Go," it will warn you of the potential risks of changing passwords. Take a few deep breaths and make absolutely certain you're ready to change. As with anything that makes changes to your network, you should first test it thoroughly in a non-production environment.

Assuming you're ready, PWDMan will then go out and touch every computer in the list and change the password for the specified account. The tool will then display the results of the change. You've just accomplished a tedious -- but critical -- task in minutes instead of hours or days.

About the Author

Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at Petri.com, and a frequent speaker at technology conferences and user groups.
