Change the local administrator password on multiple computers with PowerShell

The PowerShell script discussed here allows you to change the local administrator password on multiple remote computers. You can also use the script to change the password of other accounts.

Sitaram Pamarthi By Sitaram Pamarthi - Fri, January 13, 2012 - 9 comments

Sitaram Pamarthi is working as a Windows Engineer and his special fields of interest are PowerShell, Active Directory, Exchange, and virtualization.

I still remember the days (way back in 2003-2004) when we were asked to change the local administrator password manually on all 2000+ computers in a weekend. Back then, system administrators in my region were pretty far removed from automation. But things evolved greatly after that, and system administrators started using programming languages (like VBScript) to automate tasks. Automation tasks have become much easier these days with the introduction of PowerShell.

So, let us see how we can change the local administrator password for a given list of computers using a PowerShell script.

Changing the administrator password with PowerShell

As you will notice in the above code, I am prompting to confirm the password twice so that it won’t be entered wrong and cause the script to run again. I am also reading the password in a secure manner so that no one else can see it when it is being typed. Once the password is confirmed, the next two lines of dotnet code convert the password into plain text for comparison. If the comparison fails, the script exits; otherwise, it continues.

Now that we have the password, it is time to read the list of computers from a text file.

Reading list of computers

$Computers = Get-Content -Path $InputFile

Before reading the text file, I am doing a small check to see if that file exists or not. If the file is not found, the script exits. Otherwise, the script reads the contents of the file using the Get-Content cmdlet and stores the list in an array called $computers.

Now that we have the list of computers, we can start changing the password for each computer. That is what the below code does.

Chaging the password on multiple computers

I am looping through each computer account in the array and first checking if it is online or not by using the Test-Connection cmdlet. This cmdlet does a ping check by sending one ICMP packet to the computer. If the ping is successful, the script changes the password. To do that, I am using the WinNT interface, which is pretty famous from VBScript days. After I get the reference to the administrator account, I invoke a method called SetPassword to change the password. If the password change fails, the respective error will be recorded using the catch block.

That’s it. The script has done its job and you will see the result in the console.

Change administrator password PowerShell

As you’ll notice in the output, the script creates a list of computers where the password has failed. The file “failed-computers.txt” is stored in the directory where the script picked up the computers list. If you want to provide a different directory where you want to store files, just pass the directory name to the -OutputDirectory parameter while executing the script.

Download the complete script from here.

A few tips for using this script

Type “Get-Help .\Update-LocalAdministratorPassword.ps1 -Detailed” in a PowerShell console for help.

  • Use the -Verbose switch from the command line if you want to see the debug information and error messages at each stage.
  • Passing the file name to the script is optional. The script will prompt you for the file if you don’t pass it.
  • Using this script, you can change the password of any local account. Just replace “administrator” with the account name for which you want to change the password.
-1+1 (+1 rating, 1 votes)
Loading ... Loading ...
Your question wasn't answered? Please ask in the new 4sysops forum!

9 Comments- Leave a Reply

  1. Hi,

    That’s a useful technique but is it really a good idea to be using the same password for the local administrator account on multiple machines?



  2. says:

    I have seen many corporates using the same local administrator password for all their desktops. It is definitely not a best practice IMO, but having different password for each desktop increases the administrative work if we have more no. of desktops.

  3. John says:

    Will the password be sent clear text over the network since you convert it to do the compare?

  4. says:

    Yes, it will be sent as clear text only. The “setpassword” invoke method I used in the script accepts the password in plain text format. The reason I am reading the password as secure string is to ensure that no one sees the password(or not readable from console cache if exists) while entering it.

  5. Siuol says:

    Is it possible to change to a unique password for each server, by using the text file which will already include a different password manually inputed next to the name of each server on the list.

  6. Dave Wood says:

    I clicked on the link to download the script “here”… when I do it shows a full page of txt, so I copy it and paste into my ISE and it pastes as one Loooong line. How do i break it up and get it to display correctly in my ISE so as to not “break” the function of the scripts?

  7. Dave, I just tried it in Chrome and I didn’t have the problem. You could also right click the link and save the ps1 file.

  8. andy says:

    I had a slight issue when I tweaked the username from “Administrator” to “admin”. For some reason logging in as admin shows Preparing Desktop, then black, then Logging Off and takes you back to the login. I was able to resolve it by deleting the account and readding it through lusrmgr.msc but was wondering if there’s something I’ve missed.

  9. Matthew Cooper says:

    How should the computer list text file be formatted, one entry per line, space separated, comma separated?

Please share your thoughts in a comment!


Lost your password?