Quote:

startup script to run in the local system context and reset itself.



He is running NT4 which doesn't really support any type of GPO that would allow a local admin password change.

Now that doesn't mean that possibly some type of local policy might be able to be crafted.
Have never looked into that myself as I've not had the need.

Normally rarely run into the issue and I'm on a 2003 AD myself.

If I have to I use Ultimate Boot CD 4 Windows with a tool to reset the local admin password.

If this is happening so many times that you need a policy or some type of automation then you really
need to get back control of your network and rethink security.