[gptalk] Re: Local Admin Passwords

  • From: "Jakob H. Heidelberg" <jakob@xxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Sat, 1 Dec 2007 00:37:27 +0100

Hi,

With Microsoft Group Policy Preferences (former DesktopStandard PolicyMaker)
you will get the possibility to change password for local users on client
computers (XP/2003/Vista/2008).

The good news is that it will be free - if you've got your existing Windows
licenses right.
The bad news is that it will not be released until WS 2008 is released (or
the RSAT package actually).
With GPP the passwords are encrypted - how strong I don't know.

Until then you could try the script method. Script examples (but I totally
agree with Jamie regarding security):
http://www.gpanswers.com/community/viewtopic.php?p=5312
http://www.visualbasicscript.com/m_2957/tm.htm
http://www.petri.co.il/forums/archive/index.php/t-1827.html
http://www.scriptinganswers.com/archive/articles/Resetlocaladminpasswordbyus
ingstartupscript.htm
http://www.gpanswers.com/community/viewtopic.php?p=2088

I do think I saw a small application to do this more safely some time ago -
I'll get back to you if I find it.


Regards
/Jakob


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
Sent: 1. december 2007 00:23
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Local Admin Passwords

You would want to use a group policy startup script. Not a logon script.
For security purposes, you would also want to consider encoding the
script and possibly even limiting read rights on the "scripts" folder to
only the "Domain Computers" group. VBScript encoding is not very strong,
but it is better than having it in clear text.

Regards,
Jamie Nelson



-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Eric Lanyon
Sent: Friday, November 30, 2007 5:13 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Local Admin Passwords

I am needing to change a small office's local administrator password.
I'd prefer not to touch all 30 workstations to do this.  I thought I
read at one point that this could be automated through a logon script.
Is there a better way to do this?  Maybe through a Group Policy?

Servers are running Windows 2003.
Workstations are Windows XP.


Eric

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: