Reader to Reader - 19 May 2000


Editor's Note: Email your scripting solutions (400 words or less) to Reader to Reader at [email protected] Please include your script and phone number. We edit submissions for style, grammar, and length. If we print your contribution, you receive $100.\]

A security concern that Windows NT administrators face is the possible compromise of the local administrator password for the workstations in their NT domains. Periodically changing this password can help ensure a network's security and integrity. I created the script AdminPwd.vbs to automatically change the local administrator password of the target workstation to a new password that you specify. In addition, the script removes invalid users from the workstation's local Administrators group. By invalid users, I mean everyone except the local administrator and the members of the Domain Administrators group. To remove invalid users, the script uses NT schema to extract the group membership information from the workstation, as Listing 1 shows. The script outputs success and failure information to a text file.

Listing 1 is an excerpt from AdminPwd.vbs. You can find the entire script in the Code Library on the Win32 Scripting Journal Web site ( I also posted this script on my Web site at To use AdminPwd.vbs, you must install Windows Script Host (WSH) 2.0 and Microsoft Active Directory Service Interfaces (ADSI) 2.5. I wrote the script for a system running NT 4.0 Service Pack 5 (SP5), but I've also tested the script on systems running SP6 and SP6a. AdminPwd.vbs includes comments that explain how to customize the script for your NT system.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.