Group Polisy not work

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi there,

I have a batch file "net user administrator newpassword" which is for
changing the local administrator password. This batch file works on the local
computer, but not work via the group policy/computer settings/startup or user
settings/logon script. Can someone tell me where I can look into this
problem? Is there a log for group policy to check the error message?

Thanks in advance!

Lisa
 
Hi,
I have a batch file "net user administrator newpassword" which is for
changing the local administrator password. This batch file works on the local
computer, but not work via the group policy/computer settings/startup or user
settings/logon script. Can someone tell me where I can look into this
problem?
Click to expand...

It´s not a problem with your GPO, its a problem of "net user"
It works on the local system if you start it manually as an admin,
because the net user command needs a user environment.
If you apply it in a computer startup script the script will run
in the system context and this one can´t change the admin password
anylonger. (It was possible with NT4 and 2K, AFAIR)

If you want to change the local admin passwords, take a look at:
http://www.gruppenrichtlinien.de/tools/PasswordChange_local.zip

This tool can push passwords to a single system or to any system
in a IP range. It´s a german GUI, but I think you can handle it.


MArk
 
Hi Mark, thank you for your reply. If "net user" needs user environment, why
does it not work for logon script? the user has the local administrator
rights, it should work when login, right?

Thanks,

Lisa
 
Hi,
Hi Mark, thank you for your reply. If "net user" needs user environment,
why does it not work for logon script? the user has the local administrator
rights, it should work when login, right?
Click to expand...

Right. As a user login script it should work, if the user has
local admin rights. But the user must have the permission to
"read" the script to start, so he can take a look inside and
get the password. Perhaps this is not what you want.
But it doesn´t matter if he has admin rights, because he can
change it to anything he want ... ;-)

Mark
 
Back
Top