Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

GPO for administrator account

Posted on 2014-04-21
7
Medium Priority
?
300 Views
Last Modified: 2014-06-12
Looking to create a vb script that will enable the built in administrator account (if disabled)
Rename it too – Admin
And set a password
(Windows 7)
Would like to do this via GPO, is there a vb script option to run at startup?

Thanks
0
Comment
Question by:kwatt562
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 40012441
This can be done in Group Policy.

The enable and rename settings can be found under Computer Configuration/Window Settings/Security Settings/Local Policies/Security Options/Accounts.

You can set the password with Group Policy Preferences Local Users and Groups.
0
 

Author Comment

by:kwatt562
ID: 40012492
The first part is OK, not sure how to set the password though as its 2003 server
0
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 2000 total points
ID: 40012522
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:kwatt562
ID: 40012540
Cancel that I have found a 2008 R2 server :) will let you know how goes, thanks  alot
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40013702
It should be noted that using group policy preferences to set the password puts the whole lot of computers at risk because
A that password is the same everywhere
B it can be read out in plain text, so anyone with a little knowhow could own all your computers from now on if he liked to.
Read results here: https://www.google.com/search?q=gpp+password+security&sourceid=ie7&rls=com.microsoft:en-US:IE-Address&ie=&oe=
Please note that the link you were given contained that warning, too (at the very end).*

You should tell us why you need that account and what you use it for. Maybe we can tell you a better solution to achieve it.

*Just for laughs: the MVP (F. Frommherz) who in that linked article claimed we could not get our hands on a plaintext password changed his mind: http://www.frickelsoft.net/blog/?p=116

http://www.gruppenrichtlinien.de/artikel/verwaltungaenderung-der-lokalen-administratoren-kennworte/ is another tactical approach: set the pw, apply and delete the GPO afterwards so that it cannot be attacked in sysvol. Ha... that's history. Win8.1 uses GPO caching, it will have a local copy of that policy, so we have to be careful! Read http://4sysops.com/archives/group-policy-caching-in-windows-8-1/
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40129873
The solution is no solution, sorry. Simply, because it does not work anymore. Since the patch day of may 14, for security's sake, microsoft has disabled the ability to enclose passwords in account items in group policy preferences.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40129921
So better look at the alternative described here: http://blogs.technet.com/b/askpfeplat/archive/2014/05/19/how-to-automate-changing-the-local-administrator-password.aspx - it holds all the background info to the change as well.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question