GPO for administrator account

Looking to create a vb script that will enable the built in administrator account (if disabled)
Rename it too – Admin
And set a password
(Windows 7)
Would like to do this via GPO, is there a vb script option to run at startup?

Thanks
kwatt562Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Joseph MoodyBlogger and wearer of all hats.Commented:
This can be done in Group Policy.

The enable and rename settings can be found under Computer Configuration/Window Settings/Security Settings/Local Policies/Security Options/Accounts.

You can set the password with Group Policy Preferences Local Users and Groups.
0
 
kwatt562Author Commented:
The first part is OK, not sure how to set the password though as its 2003 server
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
kwatt562Author Commented:
Cancel that I have found a 2008 R2 server :) will let you know how goes, thanks  alot
0
 
McKnifeCommented:
It should be noted that using group policy preferences to set the password puts the whole lot of computers at risk because
A that password is the same everywhere
B it can be read out in plain text, so anyone with a little knowhow could own all your computers from now on if he liked to.
Read results here: https://www.google.com/search?q=gpp+password+security&sourceid=ie7&rls=com.microsoft:en-US:IE-Address&ie=&oe=
Please note that the link you were given contained that warning, too (at the very end).*

You should tell us why you need that account and what you use it for. Maybe we can tell you a better solution to achieve it.

*Just for laughs: the MVP (F. Frommherz) who in that linked article claimed we could not get our hands on a plaintext password changed his mind: http://www.frickelsoft.net/blog/?p=116

http://www.gruppenrichtlinien.de/artikel/verwaltungaenderung-der-lokalen-administratoren-kennworte/ is another tactical approach: set the pw, apply and delete the GPO afterwards so that it cannot be attacked in sysvol. Ha... that's history. Win8.1 uses GPO caching, it will have a local copy of that policy, so we have to be careful! Read http://4sysops.com/archives/group-policy-caching-in-windows-8-1/
0
 
McKnifeCommented:
The solution is no solution, sorry. Simply, because it does not work anymore. Since the patch day of may 14, for security's sake, microsoft has disabled the ability to enclose passwords in account items in group policy preferences.
0
 
McKnifeCommented:
So better look at the alternative described here: http://blogs.technet.com/b/askpfeplat/archive/2014/05/19/how-to-automate-changing-the-local-administrator-password.aspx - it holds all the background info to the change as well.
0
All Courses

From novice to tech pro — start learning today.