Solved

Change local admin password with GOP

Posted on 2013-12-18
5
517 Views
Last Modified: 2013-12-30
I've been looking over lots of posts on this and can't seem to nail it down.

Got a single domain with 180 laptops for students. The local "Administrator" account is disabled and we use a local account called cityadmin to log in locally with local admin rights.

I want to set up a GPO that will change the local cityadmin password.

Using Windows 08 server R2 as DC and WIndows 7 64bit Enterprise as clients.

After creating a GPO, I go to Computer - Preferences - Control Panel - Local users and groups

I create a NEW policy that updates local user cityadmin with a new password.

I link this to the OU with my machines.

I use gpupdate /force on a laptop

However, the laptop will process the user policy, but will give an error that it can't process the computer policy.

If I remove the GPO from the OU, both user and computer process fine.

Should this work?  Or will I need to go to scripting?

Thanks!
0
Comment
Question by:ejcrist
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39727539
I followed this little guide for using GPP:  http://social.technet.microsoft.com/Forums/windowsserver/en-US/b1e94909-bb0b-4e10-83a0-cd7812dfe073/change-local-administrator-password-thru-gpo?forum=winserverGP

Otherwise you can create a login script to do this which is in the link above or use this simple script:

net user administrator "local admin password"
0
 

Author Comment

by:ejcrist
ID: 39727627
Yeah, I have that exact link and followed the GPP settings.  I'd rather use GPP than a script if I can.
0
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39727675
What you can try (since they are laptops).  Do a direct connect and try it.  What might be happening is when the gpo is pulled the system is not technically connected and logging in using cached credentials.  Then it connects to wireless so gpo would not get pulled on startup.
0
 

Author Comment

by:ejcrist
ID: 39727682
Yep, already tried that.  Still get an error when trying to apply only the Computer preference.

The user policy applies successfully.

When I disable the preference on the server, then perform another gpupdate BOTH user and computer apply successfully.
0
 
LVL 1

Accepted Solution

by:
prashantpathak earned 500 total points
ID: 39745965
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question