PC Administrator account creation and password set


I have an SBS2011 environment and would like to create a local administrator account (such as "local_admin") on all the PCs on the network and set them all with the same password. I have a mixture of XP and Windows 7 PCs of various flavours.

I am thinking Group Policy but am not sure of the steps to take.

May I ask why you need such an account?
George-Author Commented:
Because I have had a couple of instances where, after a Windows update, the PC has had to be restored to "last known good configuration" and that has broken the link to AD, and I have had to log into Windows as a local administrator so I can remove it from the domain, delete the PC from AD and then reattach.

Most of the machines I can hazard a good guess at the user/password but not all.

I would not create such an account for that reason; it is always a security flaw to have accounts that can log on to all computers unless you really need it.
If you need to unjoin/rejoin, unlock the account "administrator" using Petter Nordahl's boot disk and blank its password (and later undo that).

About "last known good" - what exactly are you talking about? The F8-option "last known good" is used for driver rollbacks - did it really break AD membership? Can't quite believe that.
George-Author Commented:
I can't remember the exact message but it's something to do with the trust relationship with the DC.

The user said the PC rebooted and they had to take an option to "restore or something" and when it came back up they could not log into the domain.

The trouble with boot disks is you can't do it remotely.

If you have a trust relationship issue, detach from the network (physically, i.e. network cable or Wi-Fi) and then log into the PC/laptop using the user credentials as normal. Then plug the network lead back in. Make sure that the PC name is in AD and was not linked to another account, i.e. the laptop/PC was for an old user and now a new user has it. If so, then rename the PC, remove the old PC name from AD and then you should be fine.

As you say, I usually have a default local user set up with a password known only to me in case I need to do a local log on to resolve an issue.
George-Author Commented:
Thanks for the advice.
Question has a verified solution.
