March 25, 2002 12:00 AM

Using Cusrmgr to Change Local Administrator Passwords

Windows IT Pro
InstantDoc ID #24210

I need to change the local Administrator password on 50 computers within my domain. Can I automate this process?

Virtually all comprehensive enterprise network-administration tools can accomplish this task. If you want a small tool that performs only this function, consider a program such as Foghorn Security's Local Account Password Manager (LAPM). For details, visit http://www.foghornsecurity.com/lapm.

For a do-it-yourself solution, you can use the Microsoft Windows 2000 Server Resource Kit's Cusrmgr utility to remotely change the properties—including the password—of a Win2K or Windows NT 4.0 domain user account. To process account changes on multiple servers or workstations, you can use cusrmgr.exe from within a batch (i.e., .cmd or .bat) file. For example, to change the local Administrator password to mypass on the computers ws1 and ws2, you can run a batch file that includes the following commands:

cusrmgr.exe -u administrator -m \\WS1 -P mypass
cusrmgr.exe -u administrator -m \\WS2 -P mypass

This example assumes that the Administrator account still has its default name, Administrator, and that you have administrative privileges on both systems. Also, the -P switch is case sensitive (the lowercase -p switch sets the account password to a random string).

You can use a slightly modified version of this batch file to rename the Administrator account and change its password simultaneously. For example, to rename the account to BigKahuna and change the password to mypass, run a batch file including the following commands:

cusrmgr.exe -u Administrator -m \\WS1 -r BigKahuna -P mypass
cusrmgr.exe -u Administrator -m \\WS2 -r BigKahuna -P mypass

To accomplish your task, generate a list of the domain computers on which you want to change the local Administrator password, then save the results into a file. (You can use a utility such as Netdom—netdom.exe, available with the Win2K Support Tools or in the Microsoft Windows NT Server 4.0 Resource Kit—and a tiny bit of scripting to carry out this step. See http://www.jsiinc.com/subg/tip3400/rh3459.htm for an example of a batch file that uses Netdom to perform a similar task, or see Darren Mar-Elia, "10 Resource Kit Remote Administration Tools," April 2001, InstantDoc ID 20046, for more information about the tool.) Then, create a batch file that uses cusrmgr.exe to change the local Administrator account password for each computer in the list.
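
The list-driven batch file described above could look like the following. This is an added example, not code from the original article: the file names computers.txt and cusrmgr-results.log are hypothetical, the list is assumed to hold one computer name per line without leading backslashes, and cusrmgr.exe is assumed to be on the PATH.

```batch
@echo off
rem Added example, not from the original article.
rem Assumptions: computers.txt (hypothetical name) lists one computer name
rem per line, without leading backslashes; cusrmgr.exe is on the PATH; the
rem password contains no double quotes or percent signs.
setlocal

set "LIST=computers.txt"
set "LOG=cusrmgr-results.log"

if not exist "%LIST%" (
    echo Computer list "%LIST%" not found.
    exit /b 1
)

rem Prompt for the password so that it is not stored in the batch file.
rem Note that set /p echoes what is typed to the console.
set "NEWPASS="
set /p "NEWPASS=New local Administrator password: "
if not defined NEWPASS (
    echo No password entered.
    exit /b 1
)

rem One cusrmgr call per computer in the list. Blank lines and lines that
rem start with ";" are skipped (default "for /f" behavior).
rem Everything cusrmgr prints is appended to the log under the computer name,
rem so machines that could not be reached can be identified afterwards.
for /f "usebackq tokens=1" %%C in ("%LIST%") do (
    echo Processing %%C
    >>"%LOG%" echo === %%C
    cusrmgr.exe -u administrator -m \\%%C -P "%NEWPASS%" >>"%LOG%" 2>&1
)

rem Clear the variable before the script ends.
set "NEWPASS="
endlocal
```

Review the log after the run: a machine that was switched off or unreachable keeps its old password until the batch file is run against it again.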


Comments
  • SETH
    6 years ago
    Apr 09, 2006

    I heartily second Michael's comments above. Along the same lines, I can't tell you how many times I've nearly blown a fuse after learning that a software package or utility requires NetBIOS to function properly. SIX FREAKIN' YEARS after it was supposedly made unnecessary with the release of Windows 2000. I believe the Active Directory Migration Tool falls into this category.

  • Michael
    7 years ago
    Mar 23, 2005

    What everyone, including the author, failed to mention is a very important prerequisite: File and Printer Sharing must be installed and enabled on the computers where you want to change the passwords. I install File and Printer Sharing on every PC in my domain, BUT only enable it on those that actually have something to share. So this command (cusrmgr) doesn't really help so much.

    Unfortunately, many tools and utilities require this, and many articles here and at the MSKB and elsewhere just assume that if you have a domain then you must have F&PS enabled. That's just not the case. (I mean, why should I have all those ADMIN$ and C$ shares out there for people to hack at?) The frustrating thing is that they don't even bother to mention that you have to have F&PS enabled.

    I know this comment is coming 3 years after the original article. I'm just so frustrated with finding new tools that can do great things, but then don't work. Then I have to spend my time researching and experimenting only to learn that either F&PS has to be enabled, or services x, y, and z have to be running. It would just really be nice if everyone in IT (including Microsoft) would clearly state a tool's prerequisites up front without making any assumptions.

    Sorry for venting.. I feel better now.

  • Anonymous User
    7 years ago
    Mar 07, 2005

    cusrmgr.exe is part of the Windows 2000 Server Resource Kit

  • Anonymous User
    7 years ago
    Jan 19, 2005

    This does not work on my PC; it gives the error "'cusrmgr.exe' is not recognized as an internal or external command,
    operable program or batch file."

  • Todd Harris
    8 years ago
    Jun 09, 2004

    I found a nice utility that automates this process, "Batch User Manager" from a company called ZenSoft:

    http://www.zensoft.com/utilities_system_bum.html

    It's a simple point-and-click solution. It creates a log file of all the changes, too, for auditing purposes.


Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.