Re: Change local administrator password ? through GPO or push script ?

Hello Pascal,

Should work. Even if he finds the batch file via network neighborhood it will only provide %1 %2 and he can not really use this. We use in in our environment 350 user without any problem. And also the password change is very easy, only changing the parameter, that's all.

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Hello Pascal,

Maybe try this one. Create a batch file pass.bat (or whatever) with
the content

net user administrator %1 (%1 describes the first entry in the
parameter field)

OR

net user %1 %2 (you also can use %1 %2 and add "Username Password" in
the parameter field (be aware of the space))

Add this file via GPO to the Default domain policy>Computer
configuration>Windows settings>Scripts, STARTUP script and set the
parameter
with the new parameters you like to use. At the next time the
workstation
starts up in the domain the local admin password get changed.
The password will only be visible for your domain admins not for the
normal
user even if he has adminpak installed. The GPO he can not open as a
normal
user.
Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
Hi Myweb,

indeed it could be a nice idea !
I will try on Monday to see if there is no way for a user to bypass
this and let him see the parameters defined with the GPO !
I will let you know ;)

I don't test yet but I think there is a problem.
Indeed, I will check, but startup script parameters are sent in clear text through the network so ... quite easy to find :D

--
Pascal


.

Relevant Pages

  • Re: Change local administrator password ? through GPO or push script ?
    ... Even if he finds the batch file via network neighborhood it will only provide %1 %2 and he can not really use this. ... the parameter field ) ... Add this file via GPO to the Default domain policy>Computer ... starts up in the domain the local admin password get changed. ...
    (microsoft.public.windows.server.active_directory)
  • Re: LogOff Script
    ... Enable loopback processing in a GPO ... >then associate the logon script with that loopback GPO. ... >> My batch file will do this, however I do not want the ...
    (microsoft.public.windows.group_policy)
  • Re: Change local administrator password ? through GPO or push script ?
    ... Create a batch file pass.bat with the content ... net user administrator %1 (%1 describes the first entry in the parameter field) ... Add this file via GPO to the Default domain policy>Computer configuration>Windows settings>Scripts, STARTUP script and set the parameter with the new parameters you like to use. ... The password will only be visible for your domain admins not for the normal user even if he has adminpak installed. ...
    (microsoft.public.windows.server.active_directory)
  • Group Policy for System Reboot
    ... I placed this GPO on a test GPO and tried testing it on an XP box which is ... I see the following event logs when this batch file ... Shutdown Type: reboot ... I linked the same GPO to the other OU's where the workstations need to be ...
    (microsoft.public.windows.group_policy)