Re: Computer startup script credencial


"jef cesar" <jefbaetens@xxxxxxxxx> wrote in message
news:de4f5e4e-f345-4e99-8c2e-01d8be8832b5@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 16 jan, 14:28, jef cesar <jefbaet...@xxxxxxxxx> wrote:
On 16 jan, 11:53, "Richard Mueller [MVP]" <rlmueller-





nos...@xxxxxxxxxxxxxxxxxxxx> wrote:
"jef cesar" <jefbaet...@xxxxxxxxx> wrote in message

news:d68f9d3d-41f3-4ba6-bc6e-1ff5d16099a0@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I need to know witch user the GPO COMPUTER STARTUP script uses on the
affeted machine.

I once was told it`s the SYSTEM acount, is this true?

Startup scripts run with System privileges on the local computer, and
the
permissions of the domain computer object elsewhere in the domain.

--
Richard Mueller
MVP Directory Services
Hilltop Lab -http://www.rlmueller.net
--

I denied DOMAIN/users to view a script that modifies their local
administrator password. I hope it still works :)

--
jef

It didn`t work.

I need to have a STARTUP script that the computer can execute but the
user cannot see in the domain server`s SYSVOL share.

The script changes the local administrator acount and the password is
within the script in clear text.

It would make more sense to change the local administrator passwords
yourself remotely. If you are a member of the group "Domain Admins", you
should have sufficient permissions. By default, the group "Domain Admins" is
added to the local Administrators group when the computer is joined to the
domain. A VBScript program, for example, can change the password by binding
to the computer object and invoking the SetPassword method. For example:
======
strComputer = "ABC1001"

Set objAdmUser = GetObjet("WinNT://" & strComputer & "/Administrator,user")
objAdmUser.SetPassword "xZy321$w"
=========
For example, see this link:

http://www.microsoft.com/technet/scriptcenter/scripts/ds/local/users/lousvb02.mspx

The use of SetInfo in the link is not necessary (the SetPassword method
operates immediately), but it doesn't hurt. It would be easy to script this
to modify the local Administrator password for computers in bulk. The
computer names could be read from a text file, for example.

Otherwise, I would deny the trustee "Domain\Domain Users", but grant
permissions to "Domain\Domain Admins".


.

Relevant Pages

  • Re: Change Password
    ... Only same level admin group can change administrator password. ... power users change administrator password? ... I want to change the Local Administrator's password by logon script. ... How to change the Local Administrator password? ...
    (microsoft.public.windows.server.scripting)
  • Re: Changing Local Admin PW not running on w2k pro
    ... > I would like to change the local Administrator password for all our ... clients from a log-in script. ... The script might work better as a Startup script, ... permissions on the local machine and can generally set these passwords. ...
    (microsoft.public.scripting.wsh)
  • Re: cant get access to disk share when connecting from a remote s
    ... The systems are DUTs. ... for each of the drives within the system. ... Everything in the scripts work except the file permissions below the shares ... the shares on the DUTs manually, after they run my rename script, but I would ...
    (microsoft.public.windows.server.scripting)
  • Re: VBA Script to Read WMP 11 Database
    ... The script failed on the desktop when I downloaded WMP11, ... Just reviewing the bidding -- WMP 11 responds properly to commands in a VBS ... That's why the computer wouldn't let me manually change the permissions. ... Digital Media MVP: 2004-2007 ...
    (microsoft.public.windowsmedia)
  • Re: VBA Script to Read WMP 11 Database
    ... The script failed on the desktop when I downloaded WMP11, ... Just reviewing the bidding -- WMP 11 responds properly to commands in a VBS ... That's why the computer wouldn't let me manually change the permissions. ... The CREATOR OWNER is likely on windows to be one of the admin accounts ...
    (microsoft.public.windowsmedia)