I just find a good method to change the local admin password of client PC remotely from MCPMAG. By using this method, you don't need to put the new password in script in order to make it work. You may reference this:

SysInternals offers a free too called PsPasswd
http://www.sysinternals.com/Utilities/PsPasswd.html , which
allows you to remotely reset passwords on a range of computers
on your network. The tool will also report successes and
failures of changed passwords, and allows you to run a single
command against a list of computers. Since the password is just
included within the syntax of a command that you run, it will
never be stored as plain text in a batch or script file.

To use PsPasswd, you'll first need a list of all computers in
your domain. To enumerate all computer objects in a domain,
you could run this script:

LogFile = "C:\computers.txt"
Const ForWriting = 2
Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from 'LDAP://DC=mcpmag,DC=com' " _
& "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(LogFile, ForWriting)

Do Until objRecordSet.EOF
objFile.WriteLine objRecordSet.Fields("Name").Value
objRecordSet.MoveNext
Loop

Note that the script will output to a file named "computers.txt"
on the C drive. This could be changed by editing the LogFile
variable assignment in the first line of the script. Note that
in your environment, you will also need to change the domain
referenced in line 12. In my example, I use mcpmag.com
(DC=mcpmag,DC=com).

Once you have a list of all computers, you can then run
pspasswd.exe to change the local administrator password on
all systems in the list. Here's the syntax that I used on my
test network:

pspasswd.exe @c:\computers.txt administrator P@ssword!

Following the @ symbol in the command syntax is the path to
the file containing all computer names. The next part of the
syntax is the name of the account whose password will be
changed, followed by the new password (P@ssword!).

Now here is the output that was generated from the command:

PsPasswd v1.21 - Local and remote password changer
Copyright (C) 2003-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

\\PC1:
Error changing password:
The network path was not found.

\\BSODME:
Password for BSODME\administrator successfully changed.

Since the output will list both success and failures, you will
be able to note the systems in which the password was not
successfully changed. In my case, the system named PC1 was not
located. So I would have to ensure that PC1 was online and then
run the command a second time. (Note that PsPasswd can also be
run against a single computer.) Since the command relies on UNC
paths to connect to systems, you will need to ensure that the
target systems have File and Print Sharing enabled and that File
and Print Sharing is not being blocked by the system's firewall.
By default, the Windows XP Pro SP2 firewall does not allow File
and Print sharing. However, this can be quickly changed via
Group Policy.

As you can see, with a simple list of computers on your network,
remotely changing the local administrator password using PsPasswd
is a relatively painless process.