I just find a good method to change the local admin password of client PC remotely from MCPMAG. By using this method, you don't need to put the new password in script in order to make it work. You may reference this:
SysInternals offers a free too called PsPasswd http://www.sysinternals.com/Utilities/PsPasswd.html
allows you to remotely reset passwords on a range of computers
on your network. The tool will also report successes and
failures of changed passwords, and allows you to run a single
command against a list of computers. Since the password is just
included within the syntax of a command that you run, it will
never be stored as plain text in a batch or script file.
To use PsPasswd, you'll first need a list of all computers in
your domain. To enumerate all computer objects in a domain,
you could run this script:
LogFile = "C:\computers.txt"
Const ForWriting = 2
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from 'LDAP://DC=mcpmag,DC=com' " _
& "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
Set objFSO =
Set objFile = objFSO.CreateTextFile(LogFile, ForWriting)
Do Until objRecordSet.EOF
Note that the script will output to a file named "computers.txt"
on the C drive. This could be changed by editing the LogFile
variable assignment in the first line of the script. Note that
in your environment, you will also need to change the domain
referenced in line 12. In my example, I use mcpmag.com
Once you have a list of all computers, you can then run
pspasswd.exe to change the local administrator password on
all systems in the list. Here's the syntax that I used on my
pspasswd.exe @c:\computers.txt administrator P@ssword
Following the @ symbol in the command syntax is the path to
the file containing all computer names. The next part of the
syntax is the name of the account whose password will be
changed, followed by the new password (P@ssword
Now here is the output that was generated from the command:
PsPasswd v1.21 - Local and remote password changer
Copyright (C) 2003-2004 Mark Russinovich
Sysinternals - www.sysinternals.com\\PC1
Error changing password:
The network path was not found.\\BSODME
Password for BSODME\administrator successfully changed.
Since the output will list both success and failures, you will
be able to note the systems in which the password was not
successfully changed. In my case, the system named PC1 was not
located. So I would have to ensure that PC1 was online and then
run the command a second time. (Note that PsPasswd can also be
run against a single computer.) Since the command relies on UNC
paths to connect to systems, you will need to ensure that the
target systems have File and Print Sharing enabled and that File
and Print Sharing is not being blocked by the system's firewall.
By default, the Windows XP Pro SP2 firewall does not allow File
and Print sharing. However, this can be quickly changed via
As you can see, with a simple list of computers on your network,
remotely changing the local administrator password using PsPasswd
is a relatively painless process.