esbfern

How to mass change local admin password

All,
I'm looking for a way to change the local admin password on over 5000 machines. I know this can be scripted as a VB script and linked to a GPO. The problem with that way is if someone opens up GPMC and finds the Group Policy linked to their computer, they can then browse to the location of that vbscript, open the file up and see what the password is. I like how the Group Policy way will catch computers as they come onto the network, and I know there are tools out there that you can run once against an OU and catch those computers that are online, but that doesn't take care of the computers that aren't turned on. Any ideas of an application or a way to do this to make it both secure and automated?

Many Thanks,
Active Directory

ASKER CERTIFIED SOLUTION
LauraEHunterMVP
esbfern

ASKER

OK, I kind of understand this. But I still have one major question. So assuming I have what is needed to do this, I simply open GPMC and at the specified location I simply insert the password. So here's the problem I foresee. In order to apply a group policy, a user / computer needs at minimum read and apply group policy permissions. Since they have read permissions, anyone with any techno-savviness can download GPMC, launch it, find the group policy that is applying the admin password, and will be able to read it in clear text. I want to make it secure. Thoughts?

Different mechanism, passwords aren't stored in a readable format. That's the whole point of using GPP versus a script, which would allow anyone with read access to the script to read the password.
esbfern

ASKER

Cool, I didn't know that if you went to the settings tab of the GPO where the policy is set, it would show you an encrypted version of the actual password.
OK, so in my environment we have 2k3 Domain Controllers. There are Vista with SP1 machines on our network. So by what you're saying, I should be good to go pending this "down-level CSE". What is this?
esbfern

ASKER

I like it!!  You deserve 500 points!
esbfern

ASKER

LauraEHunterMVP:

I've got this set up, and when I check the event logs it says this action cannot be performed on built-in accounts. How can I get around this? See attached file.
GPO-Error.bmp