The built-in administrator password on desktop computers is probably one of the weakest points in every corporate network. A while back, I gave some hints on how to treat the local administrator password.
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
- Automatically mount an NVMe EBS volume in an EC2 Linux instance using fstab - Mon, Feb 21 2022
The most important advice certainly is to change the password regularly. Since Windows still doesn’t come with the built-in functionality to reset the local password network-wide, you need a third-party tool. There are sophisticated desktop management tools such as Desktop Central Manage Engine and AutoAdministrator that let you perform such tasks easily. An alternative is the free command line utility Passgen, and yet another option is the graphical tool NetWrix Bulk Password Reset.
The main advantages of commercial solutions is that you don’t have to bother with exporting and importing computer names from Active Directory and that you can schedule password changes. This is especially important if you change the local administrator regularly, which is highly recommended.
NetWrix Bulk Password Reset is a fairly simple tool. You only have to specify the user account names and the new password. The computer names have to be entered manually or can be imported from a text file. You can use CSVDE or LDIFDE to export a list of computer accounts from Active Directory.
There also is a commercial version that supports workgroup environments, re-processing of failed password resets, scheduled processing, and account en/disabling.