The PowerShell script discussed here allows you to change the local administrator password on multiple remote computers. You can also use the script to change the password of other accounts.

Sitaram Pamarthi

Sitaram Pamarthi is working as a Windows Engineer and his special fields of interest are PowerShell, Active Directory, Exchange, and virtualization.

I still remember the days (way back in 2003-2004) when we were asked to change the local administrator password manually on all 2000+ computers in a weekend. Back then, system administrators in my region were pretty far removed from automation. But things evolved greatly after that, and system administrators started using programming languages (like VBScript) to automate tasks. Automation tasks have become much easier these days with the introduction of PowerShell.

So, let us see how we can change the local administrator password for a given list of computers using a PowerShell script.

Changing the administrator password with PowerShell ^

As you will notice in the above code, I am prompting to confirm the password twice so that it won’t be entered wrong and cause the script to run again. I am also reading the password in a secure manner so that no one else can see it when it is being typed. Once the password is confirmed, the next two lines of dotnet code convert the password into plain text for comparison. If the comparison fails, the script exits; otherwise, it continues.

Now that we have the password, it is time to read the list of computers from a text file.

Reading list of computers ^

if(!(Test-Path $InputFile)) {Write-Error "File ($InputFile) not found. Script is exiting"exit}

$Computers = Get-Content -Path $InputFile

Before reading the text file, I am doing a small check to see if that file exists or not. If the file is not found, the script exits. Otherwise, the script reads the contents of the file using the Get-Content cmdlet and stores the list in an array called $computers.

Now that we have the list of computers, we can start changing the password for each computer. That is what the below code does.

Chaging the password on multiple computers ^

I am looping through each computer account in the array and first checking if it is online or not by using the Test-Connection cmdlet. This cmdlet does a ping check by sending one ICMP packet to the computer. If the ping is successful, the script changes the password. To do that, I am using the WinNT interface, which is pretty famous from VBScript days. After I get the reference to the administrator account, I invoke a method called SetPassword to change the password. If the password change fails, the respective error will be recorded using the catch block.

That’s it. The script has done its job and you will see the result in the console.

Change administrator password PowerShell

As you’ll notice in the output, the script creates a list of computers where the password has failed. The file "failed-computers.txt" is stored in the directory where the script picked up the computers list. If you want to provide a different directory where you want to store files, just pass the directory name to the -OutputDirectory parameter while executing the script.

Download the complete script from here.

A few tips for using this script ^

Type “Get-Help .\Update-LocalAdministratorPassword.ps1 -Detailed” in a PowerShell console for help.

  • Use the -Verbose switch from the command line if you want to see the debug information and error messages at each stage.
  • Passing the file name to the script is optional. The script will prompt you for the file if you don’t pass it.
  • Using this script, you can change the password of any local account. Just replace “administrator” with the account name for which you want to change the password.

Join the 4sysops PowerShell group!

Your question was not answered? Ask in the forum!

1+
Share
43 Comments
  1. ketan 4 years ago

    How to add multiple computer name and password in below script
    please help me

    0

  2. megamobileman 4 years ago

    Good Stuff Sitaram Pamarthi,  Much obliged for the info..

    0

  3. Sameer 4 years ago

    Am getting error below error when I run the script

    At C:\Users\scha\Desktop\Set-Password.ps1:3 char:73
    + $pwd1_text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.
    +                                                                         ~
    Missing ] at end of attribute or type literal.
    At C:\Users\scha\Desktop\Set-Password.ps1:3 char:74
    + $pwd1_text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.
    +                                                                          ~
    Missing ')' in method call.
    At C:\Users\scha\Desktop\Set-Password.ps1:4 char:3
    +   InteropServices.Marshal]::SecureStringToBSTR($password))
    +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Unexpected token 'InteropServices.Marshal]::SecureStringToBSTR' in expression or statement.
    At C:\Users\scha\Desktop\Set-Password.ps1:4 char:58
    +   InteropServices.Marshal]::SecureStringToBSTR($password))
    +                                                          ~
    Unexpected token ')' in expression or statement.
    At C:\Users\scha\Desktop\Set-Password.ps1:5 char:73
    + $pwd2_text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.
    +                                                                         ~
    Missing ] at end of attribute or type literal.
    At C:\Users\scha\Desktop\Set-Password.ps1:5 char:74
    + $pwd2_text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.
    +                                                                          ~
    Missing ')' in method call.
    At C:\Users\scha\Desktop\Set-Password.ps1:6 char:3
    +   InteropServices.Marshal]::SecureStringToBSTR($confirmpassword))
    +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Unexpected token 'InteropServices.Marshal]::SecureStringToBSTR' in expression or statement.
    At C:\Users\schabbi99\Desktop\Set-Password.ps1:6 char:65
    +   InteropServices.Marshal]::SecureStringToBSTR($confirmpassword))
    +                                                                 ~
    Unexpected token ')' in expression or statement.
    + CategoryInfo          : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : EndSquareBracketExpectedAtEndOfAttribute

    0

  4. Dineshkumar M 3 years ago

    HI I checked this script. Its working but i cant change multiple computers. i given my host name and other two host name. But password changed only my host machine. another two shows Failed. Even that computers is online and same network. Kindly help on this.

    Thanks

    1+

  5. Adnan 3 years ago

    i tried the script and seems to failing any ideas

    PS D:\Windows> .\Update-LocalAdministratorPassword.ps1 D:\Windows\Computers.txt -Verbose
    VERBOSE: Working on webserver
    VERBOSE:     webserver is Online
    VERBOSE:     Failed to Change the administrator password. Error: Exception calling "Invoke" with "2" argument(s): "The network path was not found.
    "

    Failed computers list is saved to D:\Windows\failed-computers.txt
    ComputerName IsOnline PasswordChangeStatus
    ------------ -------- --------------------
    webserver     ONLINE   FAILED

    3+

  6. Henry 2 years ago

    Thanks for the script!   It worked for me like a champ.  Very smooth!

    HJ

    0

  7. Deepak Roy 2 years ago

    Hi Guys,

    I have modified the script to read computer names from text file and will display results with detailed error also which will give you csv output

    4+

  8. Hamid Jafary 8 months ago

    Gents,

    Tnx for this nice script. I have a question;

    Is this correct?  $Isonline = "OFFLINE"

    Shoudn't be  like this?  $Isonline = "ONLINE"

    Greetings,

    Hamid

    0

    • Luc Fullenwarth 8 months ago

      @hamid
      Yes the name of the variable is missleading.
      It would have been easier to read it the value of the $IsOnline variable would have been $True or $False.
      But in this script, the value of $IsOnline can be either 'OFFLINE' or 'ONLINE'.
      The final result is the same. It's just more difficult to read...

      1+

      • Mark 6 months ago

        i simply did a replace all on "IsOnline" and change it to "Availability"

        0

  9. Hamid 8 months ago

    Tnx Luc for your explanation!

    1+

    Users who have LIKED this comment:

    • avatar
  10. gopi 6 months ago

    server,username,password , each server with seperate password for give username in  csv file

     

    thanks in advance

    0

  11. Anil 6 months ago

    Hi Sitharam, I have used some scripts from Sysops..i am looking for Com+ application services shutdown and start command. I know this is not correct mail that i should ask..

    0

  12. Mark 6 months ago

    worked without issue, flawless, thank you much..

    0

  13. jaya 5 months ago

    thanks helpful

    0

  14. Martin 4 weeks ago

    $account = [ADSI]("WinNT://$Computer/Administrator,user") - When I check $account after this, it returns an error "format-default : The following exception occurred while retrieving member "distinguishedName": "Unknown error (0x80005000)". Hence the value $account is empty.

    0

  15. David Figueroa 3 weeks ago

    Has the local administrator account been renamed?

    Coralon

    0

    • Martin 1 day ago

      The issue was quite simple. The "WinNT" part IS case sensitive.

      0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account