We all know the importance of periodically changing
the local administrator password on member servers and desktops.
However, if you have more than a handful, this can be quite a chore.
Requests for scripts to automate this process are very common, and a
script can work just fine. But I wanted an easier tool for an
administrator, so I developed PWDMan (Password Reset Manager), a
FREE HTA-based utility that uses ADSI
to remotely change the local administrator password. You can manage
either a single computer or a list of computers. Now there's no excuse
for not periodically changing the local administrator password on your
member servers and desktops. All you need is RPC connectivity to
the remote computers and administrative credentials.
This tool will also let you generate a report if you want to
know the age of the local administrator's password.

You can query a single computer, computers from a text
list or an Active Directory container. You also have the option of a
recursive search through Active Directory.
Click here to see a short video of PWDMan generating a password age
report.
Click here to see a short video of PWDMan changing passwords.
Installation:
Extract all files to any directory. You may want to add a shortcut
to your desktop or start menu. You must run this from a local directory
and not over the network or you will get all types of security warnings.
To remove, simply delete all the files from the directory.
Notes:
This HTA requires at least Windows 2000 (preferably XP). You must run
this tool with administrator credentials on the systems you want to
manage. You must also be able to remotely manage the system, such as
through the computer management console. If you can't do that, this tool
won't work.
If you opt to verify that a computer is running first, this feature uses
the WMI Win32_Ping class. You must be running the HTA on XP/2003 and the
target computer must be running XP or 2003. You can still use this tool
for Windows 2000 systems; you just can't use the WMI ping feature.
This utility will run under Vista and you can query a
Vista machine. However, you cannot browse for a text file or use the
Export to CSV features.
To Use:
Select "Computer", "text file" or "Active Directory" from the drop down
box. "Computer" defaults to the local computer but you can type in any
computer name you want. All you need is the NetBIOS name. You can enter
multiple names separated by commas. Or you can select a text file that
contains a columnar list of computer names, like this:
Server01
Server02
Desk03
If the file is not in the same directory as the HTA, enter the full
filename and path or use the Browse button. Browsing for files is only
supported on Windows XP/2003. This is not available on Vista.
If querying Active Directory, you have an option to recurse from the
starting OU path. Use with CAUTION. If you have a lot of obsolete
computer accounts or systems that are not available, you'll get
incomplete results and the report will take a long time to generate. It
is strongly recommended that you use the Verify option.
If you select Log failures, a text list will be created in the same
folder as PWDMan with all the computers where there was some sort of
failure. The filename will be autogenerated with the current time. You
could use these files as the source for another attempt at a future
date.
In Account Information, enter the name of the local account (in case
you've renamed the Administrator account) you want to manage. If you
select Report Only, then either the single computer or list of computers
will be queried and a table will display the account and how old the
password is in days. I've added a password age alarm. This is the number
of days that you find acceptable for a password age. Any password ages
equal to or greater than this value will be displayed in red to make it
easier to identify.
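
The password age report described above can be reproduced in PowerShell against the same ADSI WinNT provider. This is an added example, not PWDMan's own code; the function name, the 90-day alarm value and the failure-log filename are assumptions.

```powershell
# Added example (not PWDMan source): report local account password age through
# the ADSI WinNT provider and flag ages at or above an alarm threshold.
function Get-LocalPasswordAge {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$Account = 'Administrator',  # change if the account was renamed
        [int]$AlarmDays = 90                 # assumed threshold, choose your own
    )
    foreach ($raw in $ComputerName) {
        $computer = $raw.Trim()              # strip stray spaces from list entries
        if (-not $computer) { continue }
        $result = [pscustomobject]@{
            Computer = $computer; Account = $Account
            AgeDays  = $null; Alarm = $false; Error = $null
        }
        try {
            $user = [ADSI]"WinNT://$computer/$Account,user"
            # The WinNT provider exposes PasswordAge in seconds.
            $seconds = $user.PasswordAge.Value
            if ($null -eq $seconds) { throw 'Account not found or host unreachable' }
            $result.AgeDays = [int][math]::Floor($seconds / 86400)
            $result.Alarm   = $result.AgeDays -ge $AlarmDays
        } catch {
            $result.Error = $_.Exception.Message
        }
        $result
    }
}

# Constructed sample names, same columnar layout as the text file shown earlier.
$names  = @('Server01', 'Server02', 'Desk03')
$report = Get-LocalPasswordAge -ComputerName $names -AlarmDays 90
$report | Format-Table Computer, Account, AgeDays, Alarm, Error

# Keep unreachable or failed computers in a timestamped list for a later retry.
$failed = $report | Where-Object Error
if ($failed) {
    $failed.Computer | Set-Content ('failed-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
}
```

Run it from an account with administrative rights on the target computers; rows with Alarm set to True are the ones a red highlight would mark.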
To change the password, enter the new password and confirm it.
Select Change Passwords and then Go!. You may want to click the Show
Password button if you want a sanity check so you know exactly what
password you are setting. Once the password is set you may not be able
to change it again for 1 or more days depending on your domain password
policy.
THE TOOL DOES NOT VALIDATE THE PASSWORD AGAINST ANY
PASSWORD POLICIES YOU MIGHT HAVE.
PLEASE TEST IN A NON-PRODUCTION
ENVIRONMENT TO MAKE SURE YOU
UNDERSTAND EXACTLY HOW TO USE THIS TOOL!!!!!
You can download the zip file
here. The current version is 1.4.1. If you click on the title
(Password Reset Manager) you'll get version information. If you have an
older version, re-download it. I'm working on an updated video
preview.
Version History:
v1.4.1 8/7/2007
Added additional ADODB debug code

v1.4 3/19/2007
Added Report Last Run footer
Added code to search Active Directory
Added option to enter multiple computernames separated by commas.
Added Age Limit Alarm so that any password ages greater than the limit
are highlighted in Red.
Adjusted size for better display on Vista.

v1.3 11/02/2006
Added support for exporting report to a CSV

v1.2 10/31/2007
Added logging for failed computers
Cleaned up redundant code

v1.1 10/30/2006
Added Printing support
Added TRIM when parsing a text file to strip out any extra spaces.
Added support for browsing for source file

v1.0 9/5/2006
Initial Release

Feedback, Questions, Comments, and Concerns to
jhicks@jdhitsolutions.com