Changing Passwords En Masse

A few weeks ago, I wrote about tools you can use to test password strength and to recover unknown passwords. If you missed "Password Cracking Made Easy," you can read it on our Web site.

I want to follow up with a discussion of how to change passwords across all systems on your network. The most common instance of a password that you might want to change on any number of systems is the local Administrator account password. Changing this password regularly is probably a wise idea because doing so helps prevent unwanted access to systems.

Some administrators don't care what the local Administrator account password is as long as nonadministrative employees don't know it. These admins prefer to generate a random password for each system. Other admins do want to know what the passwords are in case they need them for whatever reason. In either case, there are plenty of ways to change passwords across the board.

If you have Microsoft Systems Management Server (SMS) you could use a simple, one-line installer program code such as

Execute %SYS32%\net.exe user administrator

in which is the actual password. Another solution is to use a script, probably written in Visual Basic (VB). Several sample scripts are available on the Internet.

If you have relatively few systems and can readily create a list of those systems, you could try using the script posted at Spoogenet, at the first URL below. Or try the script posted at, at the second URL below. Or use Chwinpw (at the third URL below), a command-line tool from ITeF!x that can be integrated into a batch file or script.

If you have Active Directory (AD), you can use AD objects and a script to gain access to a list of all computers. Such a script can also be used to change the local Administrator password for all your computers. Check out the sample script posted at, at the URL below. It's short, simple, and relatively easy to understand if you're familiar with VB or other programming languages.

If you don't want to use a script and prefer a regular desktop application to do the work for you, there are probably a large number of choices, especially for enterprise networks. But if you manage a relatively small network and want a solution that doesn't carry an enterprise-class price, you could try Hyena from AMTSoftware International at the first URL below, which starts at $199. Or you might try DC PasswordChanger (DCPC), at the second URL below, which is free from Danish Company.\{4D40EC77-0788-48E7-9FB6-B81A51F70CD2\}.html

If none of these solutions fit your needs, you can scour the Internet for something different. Try using your favorite search engine to look for phrases such as "change admin passwords," "change local admin passwords," "admin passwords" + "Active directory," and you'll find numerous discussions in which people have shared their insights.

But before you do that, you might want to check the Windows IT Pro Magazine Web site to see what we've published about this topic. Use our search engine with the above phrases. The link below will take you directly to the search results for the phrase "change local administrator passwords.""

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.