Re: Changing Local Admin passwords from server ASAP
From: Dave Nickason [SBS MVP] (gwdibble_at_NOSPAM.frontiernet.net)
Date: 03/26/04
- Next message: John Bay: "RE: VPN - Error 721 - Connection Mgr"
- Previous message: Dan Moore: "Re: Has anyone tried setting up RPC over HTTP for Outlook 2003 connecting to SBS 2003?"
- In reply to: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Changing Local Admin passwords from server ASAP"
- Next in thread: Roger: "Re: Changing Local Admin passwords from server ASAP"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 26 Mar 2004 16:03:39 -0500
There's some confusion about this, and it's me that's confused. However,
when I navigate to my workstation from the SBS manage computer mmc and view
the local users, it's definitely my workstation's local accounts I'm seeing,
not domain accounts. I'm sure of this because I have a local account on
this workstation that does not exist elsewhere in the office or as a domain
account.
What I have done rather than to create local accounts is to make the user's
domain account a local admin on the workstation. That gives the user local
admin rights without increasing their rights elsewhere on the network. In
my scenario, I'd just be changing that domain account's password in AD,
rather than on each workstation. While certain domain accounts may have
increased rights in control panel/users, those rights are assigned to their
domain accounts. The only local accounts are the built-in Administrator
accounts.
For example, a new secretary is hired. I create her domain account in the
SBS console, with the minimum rights. On her workstation, I add her domain
account as a local admin. Then I install and configure everything on the
workstation, after which I knock her back to power user.
"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:efSJhx2EEHA.2052@TK2MSFTNGP11.phx.gbl...
> But that's the domain user password not the local admin password. I know
> you can script this...
>
> http://www.winnetmag.com/article/articleid/3687/3687.html
>
> Dave Nickason [SBS MVP] wrote:
>> I'm pretty sure you can reset the passwords from one location, but that
>> it's a bad idea. I believe the recommendation is to do it only if
>> there's no other way into the computer. There are some processes that
>> don't like passwords to be changed in this way, and you may get some
>> unexpected results that you won't know about until it's too late. For
>> example, I know that EFS won't decrypt files with an
>> administratively-changed password, but I don't know what other functions
>> may break.
>>
>> Open the Computer Management MMC on your computer (or anywhere logged in
>> with a domain admin account). R-click the top item and connect to the
>> remote computer. Expand local users and groups and select users.
>> R-click the account - there's a password reset option. A warning will
>> pop up indicating the probable end of the world if you proceed.
>>
>>
>> "Douglas McIver" <douglas@nospam.com> wrote in message
>> news:uRxyb40EEHA.1128@TK2MSFTNGP11.phx.gbl...
>>
>>>We use a strange local admin password when we need to log into the
>>>workstations locally. That password has been compromised, so I would
>>>like
>>>to reset it to a different password as soon as possible. Where can I do
>>>that from the SBServer?
>>>
>>>Thanks,
>>>Douglas
>>>
>>>
>>
>>
>>
>
> --
> http://www.sbslinks.com/really.htm
>
- Next message: John Bay: "RE: VPN - Error 721 - Connection Mgr"
- Previous message: Dan Moore: "Re: Has anyone tried setting up RPC over HTTP for Outlook 2003 connecting to SBS 2003?"
- In reply to: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Changing Local Admin passwords from server ASAP"
- Next in thread: Roger: "Re: Changing Local Admin passwords from server ASAP"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
