Automated changing of local admin password on workstations?

  • Thread starter Thread starter Barkley Bees
  • Start date Start date
B

Barkley Bees

We want to ensure that all workstations (XP/2000) in our Active Directory
environment have their local Administrator passwords set to our specified
value. What would be the best way (best practice) to implement this
(Logon/Startup script, GPO, SMS, etc)? Appreciate any advice.
 
Howdie!

Barkley said:
We want to ensure that all workstations (XP/2000) in our Active Directory
environment have their local Administrator passwords set to our specified
value. What would be the best way (best practice) to implement this
(Logon/Startup script, GPO, SMS, etc)? Appreciate any advice.
Click to expand...

Try to not script that with Group Policy - you'd have to put the
password in plain text into the script. When scripting, use the %1
parameter to pass the password as a parameter to the script - that way
it won't stick there in plain text.

There are a few tools out there you might want to use.. PsPwd is one of
them I guess - other scripts from the scripting guys are around.

cheers,

Florian
 
We run a remote script and push it out to all workstations. You don't want
to run it as a login script because you can see the password. We just read
all workstations from the root of the domain and run a script, we kick out
an error report of all machines that don't connect.

http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1015.mspx

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Florian Frommherz said:
Howdie!



Try to not script that with Group Policy - you'd have to put the
password in plain text into the script.
Click to expand...

My two cents? I know it's officially "bad practice," but since I do this as
a startup script nobody can see it, and the script itself is stored in a
location nobody but me/admins can access anyway, so I guess I don't
personally worry about it that much - esp. as it's only for local accounts
on workstations. :-)
 
Back
Top