asked on

Need someone to clear up a question/concern I have about using GP Preferences for local admin password resets

Hi, I was directed to this link from an earlier question, but it brought up another question that I need to be clear on before proceeding with GP Preferences.

http://abskb.wordpress.com/2009/08/30/how-to-use-group-policy-preferences-to-set-change-passwords/#comment-159

Could one use this technique by having an existing GPO for a specific OU that the desired computer objects reside and create the GP Preference to change (update) the password on the built-in local Administrator account on each system. Once confirmed the systems have updated and have the new password, just delete that GP Preference from the GPO, instead of creating a new GPO & deleting it everytime. Or does this still keep reminience of the password in the GPO?

Just want to be clear and secure.

Thanks in advance.

If I

SOLUTION

Neil Russell

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

rsnellman

ASKER

Ok, but what about the security issues/concerns of leaving it in there since it resides in the SYSVOL?

(I am not running IPSec policies at this time.)

ASKER CERTIFIED SOLUTION

Neil Russell

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

rsnellman

ASKER

I have never tried. I have not known anyone to, but when you are in a learning environment with curious students, I wouldn't put anything past them.

Just was wondering.

Thanks.

SOLUTION

Neil Russell

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

rsnellman

ASKER

OK. Thanks. I am not using login scripts with plain text passwords.

Thanks for the reassurance.

Have a great day.