Re: Changing workstation Admin password through AD
- From: "Ken Aldrich" <supportw@xxxxxxxxxxxxxxx>
- Date: Mon, 7 May 2007 09:40:34 -0500
Joe,
Those are great points and it is good for you to mention them. I see that
startup script method recommended a lot on forums and I wonder how many
people realize what you have said.
The other point is that in many organizations machines do not get rebooted
very often... or even logged off. In that case, how can you be sure that
passwords are being updated? Or that the password ages will be relatively
similar? The only way to be sure is to force a reboot of everyone's
computers... that just does not fly in many organizations. There are better
methods available in that environment.
--
Ken Aldrich
DSRAZOR for Windows
Visual Click Software, Inc.
www.visualclick.com
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:uM9wr$DkHHA.4676@xxxxxxxxxxxxxxxxxxxxxxx
See now this isn't really safe... Anyone who can get to power user or
admin level on a workstation will have a path to get that batch file and
anyone with physical access to a machine can get admin regardless of what
their "official" access level is. The machine has to have read access to
the file in order for it to work and to get to a point where you can
access sysvol as that machine isn't very difficult. Also someone could
always just run a network sniffer and watch the clear text script come
down over the wire.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Myweb wrote:
Hello Joey,
Add a simple batchfile to the startup script of the computer settings
part (pw.bat for example).
net user administrator password
Remove domain users and everyone from the security, add only system and
administrators with Full and domain computers with read and execute. If
the workstation starts up the password will apply.
Best regards
Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
I would like to do the following:
1. Rename the Administrator account
2. Change the password to the Administrator account
3. Create a dummy Administrator account
4. Disable the new account called Administrator.
I know how to rename the administrator's account, but how can I do the
other three steps without visiting each workstation. I would like to
push this out through AD if possible. Any suggestions are
appreciated.
.
- Follow-Ups:
- Re: Changing workstation Admin password through AD
- From: Brian Desmond [MVP]
- Re: Changing workstation Admin password through AD
- References:
- Re: Changing workstation Admin password through AD
- From: Myweb
- Re: Changing workstation Admin password through AD
- From: Joe Richards [MVP]
- Re: Changing workstation Admin password through AD
- Prev by Date: Re: Restrict users to save on desktop using Group policy
- Next by Date: Re: Changing workstation Admin password through AD
- Previous by thread: Re: Changing workstation Admin password through AD
- Next by thread: Re: Changing workstation Admin password through AD
- Index(es):
Relevant Pages
|
