Hi all,

Today I got a request to reset Local Admin password from Windows XP and Windows 7 machines.

After Microsoft released this update https://support.microsoft.com/en-us/kb/2962486?wa=wsignin1.0 Group Policy Preferences stopped working as a way to reset Local passwords.

So below is a script that will do the job. You can run it from a server with domain admin rights and kaboom! You will have a new Local Admin password.

#=============================
Clear-Content C:pathservers.txt
get-adcomputer -SearchBase “ou=whatever,dc=domain,dc=local” |
ForEach-Object {add-content
-path C:pathservers.txt
-value $_.Name}
##============================
#Set-PasswordOnServers.ps1
$erroractionpreference =
“SilentlyContinue”
$date =
Get-Date
foreach ($strComputer
in get-content
C:pathservers.txt)
{
$ping =
new-object System.Net.NetworkInformation.Ping
$Reply =
$null
$Reply =
$ping.send($strComputer)
if($Reply.status -like
‘Success’)
{
$admin=[adsi](“WinNT://”
+ $strComputer
+ “/administrator,
user”)
$admin.psbase.invoke(“SetPassword”,
“NEW LOCAL ADMIN PASSWORD HERE”)
Add-Content -path
C:pathservers-reset.txt -Value “Administrator-password
on $strComputer reset $date”
}
}