GPO to change local Administrator password

Hi Guys,
We are adding some computers to a domain that currently have user specific local admin rights.
Part of the process was to enable and set a password for the local Administrator account, and then delete the old local user specific user.

The person who is doing this forgot to enable the Administrator account and deleted the original local user specific account, as a result the computer now belongs to the domain but we don't have local admin rights.

Can you please tell me how to create a GPO that would:
- Enable the  local Administrator account
- Set a new password

So that we can recover Administrative rights on this machine?

Thanks.
cargexAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrej PirmanCommented:
I am not sure I understand you correctly.
When you join computer to domain, Domain Admin group members automatically become Administrator rights users on this computer, while LOCAL computer accounts become obsolete.

So, logging into domain-member computer with any global Domain Admin user will grant you full Administrator rights for this particular computer. You can then enable local Administrator account (if it was disabled) and change its password.

But you can also do what you want via GPO following this article:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/b1e94909-bb0b-4e10-83a0-cd7812dfe073/change-local-administrator-password-thru-gpo
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
But you can also do what you want via GPO following this article:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/b1e94909-bb0b-4e10-83a0-cd7812dfe073/change-local-administrator-password-thru-gpo
This is actually no longer supported and the functionality was removed last year with a patch from MS due to security issues.
There is a new tool available that will allow you to manage and automate the local administrator accounts and password. For a detailed explanation see this article.
http://blogs.technet.com/b/askpfeplat/archive/2014/05/19/how-to-automate-changing-the-local-administrator-password.aspx
cargexAuthor Commented:
Hi Jeremy,
I just follow the instructions in the link you gave me, and the space for the "password" and "confirmed password"  is disabled (grayed out), I can't put the new password there.

Do you know why this can be happening?
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Did you actually read the article? It's greyed out because it has been disabled with a patch last year.
Toni UranjekConsultant/TrainerCommented:
Download and install LAPS

Local Administrator Password Solution (LAPS)
https://www.microsoft.com/en-us/download/details.aspx?id=46899

You will be able to set passwords for local accounts and passwords will be safely stored in Active Directory.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
@Toni
If you read through the link I posted, it goes through how to implement LAPS.
Toni UranjekConsultant/TrainerCommented:
Sorry, mate. Next time at least post name of the tool. ;)
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
No worries. I'll be sure to do that.
cargexAuthor Commented:
Thanks to all for your comments.

Toni,
This Local Administrator Password Solution (LAPS) is exactly what I need.
Never heard of that before.
Toni UranjekConsultant/TrainerCommented:
Mate, please ask mods to assign my points to Jeremy. His links mentions this tool also. ;)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.