Solved

Change local admin password with GOP

Posted on 2013-12-18
5
519 Views
Last Modified: 2013-12-30
I've been looking over lots of posts on this and can't seem to nail it down.

Got a single domain with 180 laptops for students. The local "Administrator" account is disabled and we use a local account called cityadmin to log in locally with local admin rights.

I want to set up a GPO that will change the local cityadmin password.

Using Windows 08 server R2 as DC and WIndows 7 64bit Enterprise as clients.

After creating a GPO, I go to Computer - Preferences - Control Panel - Local users and groups

I create a NEW policy that updates local user cityadmin with a new password.

I link this to the OU with my machines.

I use gpupdate /force on a laptop

However, the laptop will process the user policy, but will give an error that it can't process the computer policy.

If I remove the GPO from the OU, both user and computer process fine.

Should this work?  Or will I need to go to scripting?

Thanks!
0
Comment
Question by:ejcrist
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39727539
I followed this little guide for using GPP:  http://social.technet.microsoft.com/Forums/windowsserver/en-US/b1e94909-bb0b-4e10-83a0-cd7812dfe073/change-local-administrator-password-thru-gpo?forum=winserverGP

Otherwise you can create a login script to do this which is in the link above or use this simple script:

net user administrator "local admin password"
0
 

Author Comment

by:ejcrist
ID: 39727627
Yeah, I have that exact link and followed the GPP settings.  I'd rather use GPP than a script if I can.
0
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39727675
What you can try (since they are laptops).  Do a direct connect and try it.  What might be happening is when the gpo is pulled the system is not technically connected and logging in using cached credentials.  Then it connects to wireless so gpo would not get pulled on startup.
0
 

Author Comment

by:ejcrist
ID: 39727682
Yep, already tried that.  Still get an error when trying to apply only the Computer preference.

The user policy applies successfully.

When I disable the preference on the server, then perform another gpupdate BOTH user and computer apply successfully.
0
 
LVL 1

Accepted Solution

by:
prashantpathak earned 500 total points
ID: 39745965
0

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ADFS trust for Skype 4 28
GPO denied - but why ? 6 57
Windows 10 Virtual Machine Backup 9 74
Migrate all my users to Chrome instead of IE 11 1 33
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question