Change local administrator password ? through GPO or push script ?

From: Pascal <pascal_t@xxxxxxxxxxxxxxxxxx>
Date: Sat, 21 Apr 2007 17:29:44 +0200

Hi,

I would like to change the local administrator password of every computers member of my AD domain but I am not sure of the best method.

Method 1 : Create a vbs script that points to the local computer (".") and then deploy this script by GPO.
Problem : The password is not encrypted at all and could be potentially read by any users. The solution to encrypt in vbe is not a solution neither because, as far as I know, it is quite easy to decrypt it.

Method 2 : A script executed by an administrator that scan computers accounts on the domain and then "push" the new password to them.
Problem : If a computer is not connected when the admin launch the script, the old password will still remain.

To my opinion, the first method could be the best solution (less administrative effort) if I found a way to secure the script.

What method are you using ? Do you have any advices ? :D

Thank you

--
Pascal

Follow-Ups:
- Re: Change local administrator password ? through GPO or push script ?
  - From: Myweb
- Re: Change local administrator password ? through GPO or push script ?
  - From: Richard Mueller [MVP]
- Re: Change local administrator password ? through GPO or push script ?
  - From: Adam

Prev by Date: Re: 2003 R2 SP2 problem (DNS?)
Next by Date: Re: ADMT and SID's
Previous by thread: Re: 2003 R2 SP2 problem (DNS?)
Next by thread: Re: Change local administrator password ? through GPO or push script ?
Index(es):
- Date
- Thread

Relevant Pages

Re: Change local administrator password ? through GPO or push script ?
... net user administrator %1 (%1 describes the first entry in the parameter field) ... Add this file via GPO to the Default domain policy>Computer configuration>Windows settings>Scripts, STARTUP script and set the parameter with the new parameters you like to use. ... I would like to change the local administrator password of every ... computers member of my AD domain but I am not sure of the best method. ...
(microsoft.public.windows.server.active_directory)
Re: Change local administrator password ? through GPO or push script ?
... I would like to change the local administrator password of every computers member of my AD domain but I am not sure of the best method. ... Create a vbs script that points to the local computer and then deploy this script by GPO. ... This attribute will permit to know wich admin password is configured for this machine. ...
(microsoft.public.windows.server.active_directory)
Re: To force the local admin password
... I have very strange issue with a policy. ... I would like to force the local admin password on the computers. ... So I created a policy with a script to apply when the ... The local administrator password is not changed on all computers. ...
(microsoft.public.windows.server.active_directory)
Re: How could i change all the local administrator password of my XP/2000 computers ??
... How could i change all the local administrator password of my XP/2000 computers ?? ... I have 200 computers with a local password that everybody know and i would like to change it ... ... You could do it in a computer startup script that runs ...
(microsoft.public.windowsxp.general)
Re: Change local administrator password ? through GPO or push script ?
... I would like to change the local administrator password of every computers ... A script executed by an administrator that scan computers ... Domain Computers permissions for the script, ...
(microsoft.public.windows.server.active_directory)