A few weeks ago, Microsoft published a new tool – named “LAPS” – which is available for free. You will have the possibility to manage your local admin passwords for all your clients without special scripting. Since it’s not possible anymore to change the password through Group Policy Preferences, this is a nice way to do it.
You can schedule through GPO, when the password for the local administrator will be changed (how long it is valid…) and how complex it has to be. Every client has a different password, which is written back to the Active Directory. What’s needed and how you can configure it is written here.