How to randomize Local Administrator password on clients and servers?

How to randomize Local Administrator password on clients and servers centrally?
Asked by: ITO-
1 Solution
 
arnold Commented:
To what end?

You could use a computer GPO that includes the startup script that runs a vbs or a simple net user directive to set administrator password, though this might be moot given the administrator account is disabled since Windows 7/Server 2012 if not disallowed in Windows 8.

You could similarly disable this account.

Not sure what type of randomization.
Do you need that information recorded anywhere?
0
 
ITO-Author Commented:
Yes, actually I'm looking for a solution that does this, like record it in an attribute in AD or a DB.
0
 
McKnife Commented:
You can have a startscript set a randomized password with a simple script:
net user administrator /random >\\server\share\%computername%.txt
The password will be 8 letters, like kjd!gT7h22, and it will be logged to a file. That file share should be made write-only for domain computers and only readable for domain admins.

If that is not long enough, I ask you, why secure it, when it's disabled anyway?
0
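
A PowerShell variant of the startup-script approach in the comment above, as an added example that is not from the thread or any of its participants. It assumes Windows PowerShell 5.1 running as a computer startup script, reuses the `\\server\share` placeholder from the post, and its function names are hypothetical.

```powershell
# Added example, not from the thread. Run as a computer startup script (SYSTEM).
# Assumes Windows PowerShell 5.1 (Microsoft.PowerShell.LocalAccounts module).
param(
    # Placeholder share from the post: write-only for Domain Computers.
    [string]$LogDir = '\\server\share',
    [int]$Length = 20
)
$ErrorActionPreference = 'Stop'

function New-RandomPassword {
    param([int]$Length = 20)
    # Look-alike characters (0/O, 1/l/I) are left out so the value can be typed at a console.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?@'
    $limit = 256 - (256 % $alphabet.Length)   # rejection bound, avoids modulo bias
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
        $alphabet[$buf[0] % $alphabet.Length]
    }
    -join $chars
}

function Set-BuiltinAdminPassword {
    param([string]$LogDir, [int]$Length)
    # The built-in account keeps RID 500 even when it has been renamed.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    if (-not $admin) { throw 'Built-in Administrator (RID 500) not found' }
    # Retry until upper, lower and digit are present so a complexity policy accepts it.
    do { $pw = New-RandomPassword -Length $Length }
    until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    # Record first: if the share is unreachable this throws and the old password stays.
    # Appending keeps earlier lines, so the last line is the current password.
    $line = "{0}`t{1}`t{2}`t{3}`r`n" -f (Get-Date -Format o), $env:COMPUTERNAME, $admin.Name, $pw
    [System.IO.File]::AppendAllText((Join-Path $LogDir "$env:COMPUTERNAME.txt"), $line)
    $admin | Set-LocalUser -Password (ConvertTo-SecureString $pw -AsPlainText -Force)
}

Set-BuiltinAdminPassword -LogDir $LogDir -Length $Length
```

The file holds the password in cleartext, so the share permissions described in the comment are the only protection it has.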
 
ITO-Author Commented:
Why disabled? Sometimes it's required when disjoin/join is required.
0
 
McKnife Commented:
When disjoin is required, you enable it on demand; there's no valid reason for keeping it enabled.
0
 
ITO-Author Commented:
How will you enable it? When disjoin/join is required, this means that you cannot log in to the machine anymore to enable it.
0
 
McKnife Commented:
If you are not able to log on using a domain admin, you simply boot the famous Nordahl CD and enable the admin and blank its password - as simple as that.
0
 
arnold Commented:
When a domain based system is off the network, cached credentials (domain) will work.
Administrator then is a place holder for an administrative local account?
0
 
ITO-Author Commented:
Yes, but when a computer loses trust relationship with the domain, even cached credentials won't work, right?
0
 
arnold Commented:
No, so long as a DC cannot be reached, cached credentials will be valid and allow login.

The determinant of the loss of trust is the DC and not the system onto which one wants to log in.
0
 
ITO-Author Commented:
LAPS (Local Administrator Password Solution) from Microsoft is a solution for my requirements.
0
 
ITO-Author Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for ITO-'s comment #a40731943

for the following reason:

No other solution was provided.
0
 
McKnife Commented:
If you don't find http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28610602.html#a40590506 is a solution, then please tell me why. It randomizes the password and is controlled centrally.

Please remember: forum members are volunteers. If you see someone made an effort to help and he answers your questions (at least to his understanding) and all you do is call it a non-solution, this will not serve the community spirit.
0