List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] Reset Local Admin Passwords

Prev Next

You are not authorized to post a reply.

Page 2 of 2

Author

Messages

lists1

Posts:6

04/01/2006 2:58 AM
Hello Scott, If you are talking about the DSRM-Password: SetPW - which is available in W2k SP4 - enables you to remotly reset a DCs DCRM-Password. If you want to run this across all running DCs you can do that as following: for /f %i in ('dsquery * -Filter "(&(objectCategory=Computer)(userAccountControl=532480))" “attr name -q') do setpwd /s:%i /p:P@ssw0rd Make sure you extend the script to provide you with logging - you need to make sure that you know if you were unable to reset a DCs DSRM-Password. Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile: http://mvp.support.microsoft.com/profile=""> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Scott KlassenSent: Friday, March 31, 2006 10:19 AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local Admin Passwords A bit dated I know, but Danish company™s web site seems to have gone kaput. Does anyone here happen to have a copy of DCPC to share? Scott Klassen From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Katrin WilhelmSent: Tuesday, January 31, 2006 3:54 PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local Admin Passwords Use a tool call DCPC (DC password changer) freeware you can find it here http://www.danish-company.com/dcpc all you need is the domain admin password and all PC running. “ Strait forward and I am changing the password every 2-3 month. Cheers, Katrin Wilhelm (MCSA)CVGT Employment & Training SpecialistsAustraliaE-mail: kwilhelm@xxxxxxxxxxx From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of bonnie.pohlschneider@xxxxxxxxxxxxxxxxxxSent: Wednesday, 1 February 2006 4:09 AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local Admin Passwords We do realize the potential risk in this but this request is coming from a higher authority (my boss). I've been asked to find a way to change it and I believe that they are going to have the password reset on a monthly basis. -----Original Message----- From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Laura E. Hunter Sent: Tuesday, January 31, 2006 11:30 AM To: ActiveDir@xxxxxxxxxxxxxxxxxx Subject: Re: [ActiveDir] Reset Local Admin Passwords > > We currently have about 4 different passwords floating around our > > domain and we'd like to get it down to a single standard. Any help > > would be appreciated. > > > > Okay, just to offer a counterpoint to your underlying plan - you do realise that by using a single local admin password across your enterprise, if even -one- of those workstations gets the admin password compromised, the attacker who did so now has local admin rights to every workstation on your network? With apologies to Jesper JohannsenΏ], it's one of those "How to get your network hacked in 10 easy steps" things - if I've just compromised the local admin password of WorkstationA, what do you think is going to be the very first password I try when I move on to try and compromise WorkstationB? Ώ] And additional apologies for the fact that I'm sure I just spelled his name wrong. -- ----------------------- Laura E. Hunter Microsoft MVP - Windows Server Networking Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Confidentiality: The contents contain privileged and/or confidential information intended for the named recipient of this email. CVGT does not warrant that the contents of any electronically transmitted information will remain confidential. If the reader of this email is not the intended recipient you are hereby notified that any use, reproduction, disclosure or distribution of the information contained in the email is prohibited. If you receive this email in error, please reply to us immediately and delete the document.Viruses: It is the recipient/client's duties to virus scan and otherwise test the information provided before loading onto any computer system. No warranty is made that this material is free from computer virus or any other defect or error. Any loss/damage incurred by using this material is not the sender's responsibility. CVGTs entire liability will be limited to resupplying the material.Please contact us at www.cvgt.com.au for further information regarding this disclaimer.

You are not authorized to post a reply.

Page 2 of 2

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Reset Local Admin Passwords

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads