Comments (15)

  1. Anonymous says:

    I had issues with this script due to the fact that the $user variable is being defined twice.  (Once at the beginning and then again in the foreach loop.  I had to change the initial $user variable to be named something different and this resolved it.  

  2. G says:

    Is there a script that does this already created Ive never done Powershell and need a secure way of changing Local admin  passwords on multibule machines.  

  3. J says:

    is there a way to incorporate the "does not expire" and "user cannot change password" options in this.  Thanks.

  4. Brad Hoppe says:

    # ADS_USER_FLAG_ENUM Enumeration # http://msdn.microsoft.com/en-us/library/aa772300(VS.85).aspx $ADS_UF_SCRIPT = 1 # 0x1 $ADS_UF_ACCOUNTDISABLE = 2 # 0x2 $ADS_UF_HOMEDIR_REQUIRED = 8 # 0x8 $ADS_UF_LOCKOUT = 16 # 0x10 $ADS_UF_PASSWD_NOTREQD = 32 # 0x20
    $ADS_UF_PASSWD_CANT_CHANGE = 64 # 0x40 $ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 128 # 0x80 $ADS_UF_TEMP_DUPLICATE_ACCOUNT = 256 # 0x100 $ADS_UF_NORMAL_ACCOUNT = 512 # 0x200 $ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 2048 # 0x800 $ADS_UF_WORKSTATION_TRUST_ACCOUNT
    = 4096 # 0x1000 $ADS_UF_SERVER_TRUST_ACCOUNT = 8192 # 0x2000 $ADS_UF_DONT_EXPIRE_PASSWD = 65536 # 0x10000 $ADS_UF_MNS_LOGON_ACCOUNT = 131072 # 0x20000 $ADS_UF_SMARTCARD_REQUIRED = 262144 # 0x40000 $ADS_UF_TRUSTED_FOR_DELEGATION = 524288 # 0x80000 $ADS_UF_NOT_DELEGATED
    = 1048576 # 0x100000 $ADS_UF_USE_DES_KEY_ONLY = 2097152 # 0x200000 $ADS_UF_DONT_REQUIRE_PREAUTH = 4194304 # 0x400000 $ADS_UF_PASSWORD_EXPIRED = 8388608 # 0x800000 $ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 16777216 # 0x1000000 # Rename the Administrator
    account $account = ([adsi]"WinNT://$computer/$oldAdmin") $account.psbase.rename($newAdmin) # Set Administrator password to not expire $newFlags = $account.UserFlags.value -bor $ADS_UF_DONT_EXPIRE_PASSWD $account.UserFlags.value = $newFlags $account.commitChanges()

  5. Sathishkumar M says:

    am using Ip address instead of computername in the textfile.I couldn’t change the password on the remote computer. Am getting the error as below
    The following exception occurred while retrieving member "SetPassword": "The user name could not be
    found.
    "
    At line:7 char:19
    + $user.SetPassword <<<< ($Password)
    + CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember

    The following exception occurred while retrieving member "SetInfo": "The user name could not be fou
    nd.
    "
    At line:8 char:15
    + $user.SetInfo <<<< ()

    But this works fine in local computer.. Do i need to check anything in remote computer???

  6. Kiran says:

    Thanks for share this script , my requirement is I need to change the Local Admin password of the remote server i.e. I need to change the OLD password to new password .

    Note :- All my host are not in Domain .

  7. Dave C says:

    This is so very close to what I want.
    I’m looking for this script, except I want it only to change the local administrator password on a remote PC. I want it to ask me for the new password, then ask me the computername. It will then ask if I’m sure, and when I click OK, it’ll change it. THEN, it’ll
    ask for another PC name, and use that same password on the second one (until I hit cancel).
    Possible?

  8. Rich says:

    Ok, so here’s a small conundrum I ran into. I’m prompting for a password, and then a confirmation, then comparing strings, and then setting the password if the strings match. If not the script quits. For my password prompts, I’m using -assecurestring.
    However, whenever I use it, the strings do not match. If I leave it off they match. Any idea why this occurs, or how I can address the issue of not typing in passwords visible to people around me, and also filling the confirmation requirement so as not to
    set the password on all my workstations to something nobody knows..

  9. H says:

    How do you make the password different for each account?

  10. Barbie says:

    The ChangeUserPassword.ps1 script works well, but I get no output for the results (success or failure). I’ve tried write-output, verbose, etc and I just get a blank results file. What am I doing wrong?

  11. Eash says:

    Anyway to set the password hint, if it is not a domain machine?

  12. TheDon says:

    To Barbie: I also would like to have a log file of results, account/psw changed, or not changed.

  13. Eshe says:

    I have been able to successfully change user passwords, however, when attempting to change a user account password that requires a password change at first logon, I get access denied. The scenario is: Local Administrator account (the only account that
    exists on the machine), has a default password that requires change on first logon.I was attempting to use the known Admin credential to run the password change as a script block through Invoke-Command and get ‘Access Denied.’ Assistance would be appreciated.

  14. eysfilm says:

    Thanks for the script. Had to do some tweaks to get it to work. Had to change the $User variable to $changeuser as it was conflicting with other variable.
    Also added in option to prompt for password and echo Computer name it’s changing (to help log errors).

    $computers = Get-Content -path C:tempcomputer-list.txt
    $changeuser = "administrator"
    $password = Read-Host -Prompt "Enter new password for the user"

    Foreach($computer in $computers)
    {
    echo $computer
    $user = [adsi]"WinNT://$computer/$changeuser,user"
    $user.SetPassword($Password)
    $user.SetInfo()
    }

  15. Suri says:

    Wonderful script … it will be helpful …
    But had one more addition into it. Can we modify to import different password for same account in each system?

Skip to main content