Solved

Creating a script to change local administrator account in all computers on startup

Posted on 2009-03-29
4
385 Views
Last Modified: 2012-05-06
Hi everybody.

My platform consists of a Windows Server 2003 R2 domain, with several member servers, and 400 desktops/laptops computers.

Each computer runs Windows 2000 (server & professional), XP, Vista, 2003 (server).

The local administrator account had been renamed to meet corporate IT security policies.

I need to create a GPO to run a Startup or Logon script as a way to guarantee that the local admin account on each workstation or member server change as Security Officer request.

We don't want to use utilities like PDPASSWD because we want to guarantee that all machines change password independly their are online or offline.

Can you suggest me an alternative.

Thanks a lot..!
0
Comment
Question by:goltrek
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:McKnife
ID: 24013635
You say, "it had been renamed" - so what task is left, then? There are GPOs to rename that account, it's at computer config - windows settings - security settings - local policies - security options.
0
 

Author Comment

by:goltrek
ID: 24013702
Sorry, I mean: "It has been renamed". All local administrator accounts are renamed manually before the computers are delivered to users.
0
 

Author Comment

by:goltrek
ID: 24013711
And additionally I miss a phrase: That we need is to change all local administrator passwords remotely and automatically.
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
ID: 24013754
Take a domain startup script that goes
net user administrator newpassword
net user newadminname newpassword
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now