I don’t know how many times I get questions about a script that can randomize the password and change the local administrator accounts for all computers in a domain. One problem with many of the scripts you find out there is that there is no localization; the scripts are often written to be used on an English operating system. Sure, as long as you know that all your computers are purely running English as the system language you’re fine, but if you are German, Finnish or Swedish you have to find another way to find your administrator account.

The answer to this is well-known SIDs; see this KB article for more of these. In our case we are looking for Administrator, S-1-5-21domain-500.

The other problem is of course to keep the password files safe. This example script will save a text file on a share, so make sure you keep the share safe and accessible only to the right admins.
If you, for example, run this script with Configuration Manager, it will run under the system account, so make sure your computer accounts have the necessary permissions to write and append the files on the share, and delegate read permission to your client technicians. A better solution would be to have a scheduled task move the password files off the share, and maybe to write a web front end for easy access to the passwords.
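
The approach described above, as an added sketch that is not the ChangeAdminPassword.ps1 linked from this post: it finds the built-in administrator by its RID 500 SID rather than by name, generates the password from a cryptographic random source, and records it on the share before changing it. The share path `\\fileserver\AdminPw$`, the function name `New-RandomPassword` and the one-file-per-computer layout are assumptions made for the example.

```powershell
# Added example, not the ChangeAdminPassword.ps1 from this post.
param(
    [string]$SharePath = '\\fileserver\AdminPw$',  # placeholder share (assumption)
    [int]$Length = 20
)
$ErrorActionPreference = 'Stop'

function New-RandomPassword {
    param([int]$Length)
    # Look-alike characters (I, O, l, 0, 1) are left out of the alphabet.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    # Reject bytes at or above the largest multiple of the alphabet size (no modulo bias).
    $limit = 256 - (256 % $alphabet.Length)
    $sb = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length]) }
        }
    } finally { $rng.Dispose() }
    $sb.ToString()
}

# Find the built-in administrator by its well-known SID (RID 500), not by name,
# so the lookup works whatever the system language calls the account.
$admin = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
    Where-Object { $_.SID -match '^S-1-5-21-.+-500$' }
if (-not $admin) { throw 'No local account with RID 500 found.' }

# Regenerate until upper case, lower case and a digit are all present (complexity policy).
do {
    $password = New-RandomPassword -Length $Length
} until ($password -cmatch '[A-Z]' -and $password -cmatch '[a-z]' -and $password -match '\d')

# Record the password first: if the share is unreachable the script stops here
# and the account keeps its old, still-known password.
$file = Join-Path $SharePath "$($env:COMPUTERNAME).txt"
$line = "{0}`t{1}`t{2}" -f (Get-Date -Format s), $admin.Name, $password
Add-Content -Path $file -Value $line

try {
    ([ADSI]"WinNT://$($env:COMPUTERNAME)/$($admin.Name),user").SetPassword($password)
} catch {
    Add-Content -Path $file -Value ("{0}`tSET FAILED, previous entry is still current" -f (Get-Date -Format s))
    throw
}
```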

Enough said, go get the script!

ChangeAdminPassword.ps1.REMOVE