Re: Changing workstation Admin password through AD

See now this isn't really safe... Anyone who can get to power user or admin level on a workstation will have a path to get that batch file and anyone with physical access to a machine can get admin regardless of what their "official" access level is. The machine has to have read access to the file in order for it to work and to get to a point where you can access sysvol as that machine isn't very difficult. Also someone could always just run a network sniffer and watch the clear text script come down over the wire.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Myweb wrote:
Hello Joey,

Add a simple batchfile to the startup script of the computer settings part (pw.bat for example).

net user administrator password

Remove domain users and everyone from the security, add only system and administrators with Full and domain computers with read and execute. If the workstation starts up the password will apply.

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

I would like to do the following:
1. Rename the Administrator account
2. Change the password to the Administrator account
3. Create a dummy Administrator account
4. Disable the new account called Administrator.
I know how to rename the administrator's account, but how can I do the
other three steps without visiting each workstation. I would like to
push this out through AD if possible. Any suggestions are
appreciated.



.

Relevant Pages

  • Re: Changing workstation Admin password through AD
    ... bouncing every member server and workstation monthly is not practical. ... GPO/startup script method... ... Windows Server MVP - Directory Services ... Change the password to the Administrator account ...
    (microsoft.public.win2000.active_directory)
  • Re: How to deny Access at Clients?
    ... Thank you for using Microsofts Small Business Server newsgroups. ... understand that you want to lock a workstation down so that only two people ... It is also necessary to be very careful setting Deny ... domain Administrator account (the built in Administrator account on the ...
    (microsoft.public.windows.server.sbs)
  • Local policy does not permit you to logon interactively
    ... I had a Windows 2000 Workstation ... Windows 2000 server and I wasn't the person who configured it initially. ... not even the local administrator account (which had been working before ... I REALLY don't want to reload this system and I need to find ...
    (microsoft.public.win2000.networking)
  • Cant login
    ... Stupidly and not really paying attention to what I was ... DOMAIN (aka how you change a name on a W2K workstation). ... ADMINISTRATOR account on the workstation does not have ... Is there a way to reset that password or something that ...
    (microsoft.public.win2000.security)
  • Re: Win XP PRO-Administrator Previlages
    ... How can I restore my Admin previlages. ... Log in to the Administrator account, and reset your account as Admin level. ... If you've been using the Administrator account as the user account, well, ...
    (microsoft.public.windowsxp.help_and_support)