The PowerShell script discussed here allows you to change the local administrator password on multiple remote computers. You can also use the script to change the password of other accounts.

I still remember the days (way back in 2003-2004) when we were asked to change the local administrator password manually on all 2000+ computers in a weekend. Back then, system administrators in my region were pretty far removed from automation. But things evolved greatly after that, and system administrators started using programming languages (like VBScript) to automate tasks. Automation tasks have become much easier these days with the introduction of PowerShell.

So, let us see how we can change the local administrator password for a given list of computers using a PowerShell script.

Changing the administrator password with PowerShell ^

$password = Read-Host "Enter the password" -AsSecureString
$confirmpassword = Read-Host "Confirm the password" -AsSecureString
$pwd1_text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.
  InteropServices.Marshal]::SecureStringToBSTR($password))
$pwd2_text = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.
  InteropServices.Marshal]::SecureStringToBSTR($confirmpassword))
if($pwd1_text -ne $pwd2_text) {
   Write-Error "Entered passwords are not same. Script is exiting"
exit
}

As you will notice in the above code, I am prompting to confirm the password twice so that it won’t be entered wrong and cause the script to run again. I am also reading the password in a secure manner so that no one else can see it when it is being typed. Once the password is confirmed, the next two lines of dotnet code convert the password into plain text for comparison. If the comparison fails, the script exits; otherwise, it continues.

Now that we have the password, it is time to read the list of computers from a text file.

Reading list of computers ^

if(!(Test-Path $InputFile)) {
Write-Error "File ($InputFile) not found. Script is exiting"
exit
}

$Computers = Get-Content -Path $InputFile

Before reading the text file, I am doing a small check to see if that file exists or not. If the file is not found, the script exits. Otherwise, the script reads the contents of the file using the Get-Content cmdlet and stores the list in an array called $computers.

Now that we have the list of computers, we can start changing the password for each computer. That is what the below code does.

Chaging the password on multiple computers ^

foreach ($Computer in $Computers) {
   $Computer    =    $Computer.toupper()
   $Isonline    =    "OFFLINE"
   $Status        =    "SUCCESS"
    Write-Verbose "Working on $Computer"
if((Test-Connection -ComputerName $Computer -count 1 -ErrorAction 0)) {
   $Isonline = "ONLINE"
   Write-Verbose "`t$Computer is Online"
} else { Write-Verbose "`t$Computer is OFFLINE" }

try {
   $account = [ADSI]("WinNT://$Computer/Administrator,user")
   $account.psbase.invoke("setpassword",$pwd1_text)
   Write-Verbose "`tPassword Change completed successfully"
}
catch {
  $status = "FAILED"
  Write-Verbose "`tFailed to Change the administrator password. Error: $_"
}

$obj = New-Object -TypeName PSObject -Property @{
  ComputerName = $Computer
  IsOnline = $Isonline
  PasswordChangeStatus = $Status
}

$obj | Select ComputerName, IsOnline, PasswordChangeStatus

if($Status -eq "FAILED" -or $Isonline -eq "OFFLINE") {
   $stream.writeline("$Computer `t $isonline `t $status")
}

}

I am looping through each computer account in the array and first checking if it is online or not by using the Test-Connection cmdlet. This cmdlet does a ping check by sending one ICMP packet to the computer. If the ping is successful, the script changes the password. To do that, I am using the WinNT interface, which is pretty famous from VBScript days. After I get the reference to the administrator account, I invoke a method called SetPassword to change the password. If the password change fails, the respective error will be recorded using the catch block.

That’s it. The script has done its job and you will see the result in the console.

Change administrator password PowerShell

As you’ll notice in the output, the script creates a list of computers where the password has failed. The file "failed-computers.txt" is stored in the directory where the script picked up the computers list. If you want to provide a different directory where you want to store files, just pass the directory name to the -OutputDirectory parameter while executing the script.

Download the complete script from here.

A few tips for using this script ^

Type “Get-Help .\Update-LocalAdministratorPassword.ps1 -Detailed” in a PowerShell console for help.

  • Use the -Verbose switch from the command line if you want to see the debug information and error messages at each stage.
  • Passing the file name to the script is optional. The script will prompt you for the file if you don’t pass it.
  • Using this script, you can change the password of any local account. Just replace “administrator” with the account name for which you want to change the password.
56 Comments
  1. Jason Stangroome 11 years ago

    Hi,

    That’s a useful technique but is it really a good idea to be using the same password for the local administrator account on multiple machines?

    Regards,

    Jason

  2. Author
    techibee.com 11 years ago

    I have seen many corporates using the same local administrator password for all their desktops. It is definitely not a best practice IMO, but having different password for each desktop increases the administrative work if we have more no. of desktops.

  3. John 11 years ago

    Will the password be sent clear text over the network since you convert it to do the compare?

  4. Author
    techibee.com 11 years ago

    Yes, it will be sent as clear text only. The “setpassword” invoke method I used in the script accepts the password in plain text format. The reason I am reading the password as secure string is to ensure that no one sees the password(or not readable from console cache if exists) while entering it.

  5. Siuol 10 years ago

    Is it possible to change to a unique password for each server, by using the text file which will already include a different password manually inputed next to the name of each server on the list.

  6. Dave Wood 9 years ago

    I clicked on the link to download the script “here”… when I do it shows a full page of txt, so I copy it and paste into my ISE and it pastes as one Loooong line. How do i break it up and get it to display correctly in my ISE so as to not “break” the function of the scripts?

  7. Dave, I just tried it in Chrome and I didn’t have the problem. You could also right click the link and save the ps1 file.

  8. andy 9 years ago

    I had a slight issue when I tweaked the username from “Administrator” to “admin”. For some reason logging in as admin shows Preparing Desktop, then black, then Logging Off and takes you back to the login. I was able to resolve it by deleting the account and readding it through lusrmgr.msc but was wondering if there’s something I’ve missed.

  9. Matthew Cooper 8 years ago

    How should the computer list text file be formatted, one entry per line, space separated, comma separated?

  10. Dave 8 years ago

    I ran the script and it ended up changing the password of the Domain Administrator not the local administrator. I did not modify the script in any way.

  11. Dave 8 years ago

    Never mind, fixed my issue. Thanks for the script!

  12. Author

    @Dave, Whats the issue and fix? You might want to share it to help people who commit the same.

  13. Author

    @Matthew Cooper, Apologies for late reply. It is one computer name per line.

  14. GuruLike 8 years ago

    Hi Sitaram Pamarthi ,

    Will be nice if this scipt input file like format below

    Computer name Password
    PC1 123456
    PC2 Summer!

    Very helpful if scirpt able input computer and password at same time

  15. Bill 8 years ago

    I am getting a “you cannot call a method on a null-valued expression” error while running the script for line “$stream.writeline(“$Computer `t $isonline `t $status”)”

    any thoughts?

  16. DChamp 8 years ago

    Close to what I need, but I’d like to be prompted for the password, have the password displayed and it say “are you sure this is correct?”, if I click OK, prompt me for the name of the PC. When I type it in and click OK, have it ask me once more, “Do you wish to continue?” and when I click OK, go and change the remote password. Then ask me if I’d like to change another, and loop back (or just ask me a new computer name using the same password where I could cancel if I were done).
    Thanks

  17. Thomas 8 years ago

    Thank you a lot for that script, it worked like a charm!! If you want to modify other users, you should simply change the “Administrator” name. Each line a computer/server, i just exported a list out of our ESX-Serverfarm and copied it in a plain text file.

  18. Kyle 8 years ago

    Thanks for the script! Very useful! It would be nice if the account was not available or setup on the local machine, the script creates it and sets the account password specified. Thanks again!

  19. chivas 8 years ago

    I am getting a “you cannot call a method on a null-valued expression” error while running the script for line “$stream.writeline(“$Computer `t $isonline `t $status”)”. what can i do to fix it?

  20. chivas 8 years ago

    this is my error when i run the script.
    You cannot call a method on a null-valued expression.
    At D:\\ProcessPhotos_2.ps1:41 char:4
    + $stream.writeline(“$Computer `t $isonline `t $status”)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    how can i fix it?

  21. Vladimir 8 years ago

    Thank you! Nice script! 🙂

  22. Pallavi 7 years ago

    i tried this script, but it didnt gave me any output. no error , no output.

  23. Bob Webb 7 years ago

    I can see this being a great script if I could get it to work! I keep getting this:

    VERBOSE: Working on HERALD-LP10
    VERBOSE: HERALD-LP10 is Online
    VERBOSE: Failed to Change the administrator password. Error: Exception calling “Invoke” with “2” argument(s): “The password does not meet the password policy requirements. Check the minimum password length, password complexity
    and password history requirements.

    Password requirements are set at the default, and I can set the local administrator password manually without generating this error.

  24. Matt D 7 years ago

    Hi! Great script! One question though… is there a way to go about encrypting the password?

  25. Edith 7 years ago

    Hi !!

    Sitaram Pamarthi, nice script thanks!

    i have an error

    how i add the credentials with administrative privilegies i think i for that the error

    my output is:

    computername isoline passwordchangestatus

    xxxxxxxxx ONLINE FAILED

    any idea?

Leave a reply to Pallavi Click here to cancel the reply

Please enclose code in pre tags

Your email address will not be published.

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account