Re: How can I change the admin password of all our XP PC's on the doma
- From: "Cyborg" <andrewwhite@xxxxxxxxxxxxxx>
- Date: Tue, 23 Oct 2007 21:12:43 +0100
Is there a command line method to reset it as we can get LANDesk to run the script against any PC?
"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message news:uWj98ZZFIHA.5272@xxxxxxxxxxxxxxxxxxxxxxx
My point exactly!
Because of the complexities involved, people sell you Enterprise Class software that helps you address the issues.
For example: http://www.liebsoft.com/index.cfm/products?id=378
Hence my initial statement that it's not an exactly straight forward or cheap to fix this.
Regards,
Austin
"Cyborg" <andrewwhite@xxxxxxxxxxxxxx> wrote in message news:FA163985-AED2-443D-9F67-DF8A53A6287C@xxxxxxxxxxxxxxxxHow exactly do you manage it then?
"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message news:EE51F3C3-B622-4BE0-A6AA-E91B3D1CBF3A@xxxxxxxxxxxxxxxxAnd, if you rename the account, the users you want not to have the credentials can't tell that the admin account has been renamed by looking in computer management or asking some other friendly admin? Remember, your former passwords got shared. "Root cause" is still there.
If you also have a lock down policy so these computers can only be used for certain purposes and users do not install anything on their machines, you have a way out.
But from my experience, if you have a large enough set of users, and Admins (they are also part of this problem), you need to Actively manage local admin passwords. A rename is more "Security Theatre" in the event of a credible threat because the SIDs what's gone after and that wont change.
Regards,
Austin
"Cyborg" <andrewwhite@xxxxxxxxxxxxxx> wrote in message news:A8195110-A9EB-49CD-89F7-C5A455D68247@xxxxxxxxxxxxxxxxThis looks like a quick fix for now?
http://support.microsoft.com/kb/816109
"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message news:yI8Ti.3953$TY4.3104@xxxxxxxxxxxxxxxxxxxxxxxxHi Cyborg,
You've got a problem thats really not very easy to solve (read cheap).
You have this problem because it is the nature of all but the least
inquisitive of users to want to be admins on their workstations.
If you dont give the user accounts admin privilages, they go for the local
admin account.
Now, your next problem is how do you manage the local admin account? Do you
set the same one on all workstations?
If you do that, all that needs happen is one user finding out and "word gets
around" or the document that "holds" the password gets into the wrong hands.
Regular use of the password even makes it more insecure. Will you change it
regularly on all workstations? A real procedural nightmare depending on the
size of your estate.
If you have different passwords for different workstatins, how do you
provide ready access to admins who require it?
Several home grown Apps exist which derive an admin password from the
workstation name based on some algorithm but securing the tool becomes the issue and usually, it doesnt take a rocket scientis to reverse engineer them.
So you decide to pay for some Enterprise Class tool to do this for you if especially you have thousands of boxes to visit. And there companies out there who wite apps for just that.
As an example ( not a recomendation by any way, shape or form), see: http://www.liebsoft.com/index.cfm/products?id=512.
HTH,
Austin
"Cyborg" <andrewwhite@xxxxxxxxxxxxxx> wrote in message
news:B3A473D8-D40D-4ED0-B3E8-4A034552684F@xxxxxxxxxxxxxxxx
Hi this is great, do I need to change anything in this script apart form
the "testpassword"
I take it I can then add the script to the logon part of the doamin group
policy?
"Simon" <Simon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:55FB500B-675B-426B-9E75-F3954A30DA2B@xxxxxxxxxxxxxxxx
try this as part of a logon/startup script:
strComputer = "MyComputer"
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator,
user")
objUser.SetPassword "testpassword"
objUser.SetInfo
To make it more generic, you will need to set the script to get the pc's
computer name before trying to change the password.
"Cyborg" wrote:
Somehow many of our users know the local admin password for our XP
machines,
is there a way to change this on all PC's to something else, like a
group
policy?
.
- Follow-Ups:
- Re: How can I change the admin password of all our XP PC's on the doma
- From: Jorge Silva
- Re: How can I change the admin password of all our XP PC's on the doma
- References:
- How can I change the admin password of all our XP PC's on the domain?
- From: Cyborg
- Re: How can I change the admin password of all our XP PC's on the doma
- From: Cyborg
- Re: How can I change the admin password of all our XP PC's on the doma
- From: Austin Osuide
- Re: How can I change the admin password of all our XP PC's on the doma
- From: Cyborg
- Re: How can I change the admin password of all our XP PC's on the doma
- From: Austin Osuide
- Re: How can I change the admin password of all our XP PC's on the doma
- From: Cyborg
- Re: How can I change the admin password of all our XP PC's on the doma
- From: Austin Osuide
- How can I change the admin password of all our XP PC's on the domain?
- Prev by Date: Re: Windows XP Domain Controller Selection Process
- Next by Date: Re: Site and Services - site links
- Previous by thread: Re: How can I change the admin password of all our XP PC's on the doma
- Next by thread: Re: How can I change the admin password of all our XP PC's on the doma
- Index(es):
Relevant Pages
|
Loading
