Fabiano Vidal Rocha
asked on
Administrator account of Windows 10 doesn't change.
I have some computers with Windows 10, and the majority are Windows 7.
DC is Server 2008.
When we change the password of administrator, all computers with Windows 7 changed, but with Windows 10 nothing changed.
All administrator users must have the same password.
Can you help me?
Thanks - Fabiano (Brazil)
ASKER
Hello, thanks for helping me....
All the computers are in the domain. I need to change the password of the local administrator account.
For example, if I change the password, and put to change the password, it's OK, the GPO sends this change, but if in the GPO I change the password of the local admin, nothing happens. Windows 7 computers change normally, but Windows 10 computers maintain the same password.
ok, thanks for clarifying - I was not on the same page as you and now am..
You are using Windows Server GPO to force the local admin password change on Win10. I believe the registry settings are different for Win10 versus Win7 so it may be that another registry key edit needs to be added to change for Win10. I have seen similar issues in Win10 vs. Win7.
I will dig in a bit more and in the meantime, are the Win10 machines in an OU that has this GPO linked to it? You may have checked that but to be sure run a GPRESULT to verify the WIN10 machine is pulling the policy.
Open CMD
type: gpresult /r [ENTER]
- This will display all of the GPOs that this machine has pulled and applied. If the GPO you created for this purpose is not showing under the section "Applied Group Policy Objects" then that is your problem and you will need to dig into that. If not visible, start by testing the connection and force the GP Policies to update.
On a Win10 machine:
CMD
gpupdate /force [ENTER]
It will display a message that it updated successfully or that it did not.
- If not, then that is your problem - you cannot update policies.
- If it succeeds, check 'gpresult /r' again and verify the policy has applied.
- If it updates policy but this policy does not apply, then verify the GPO is linked to the OU where the PC resides or move the PC into an OU that is linked.
- You also want to make sure the GPO is able to be read by Authenticated Users:
Picture of READ access permissions to the GPO by Authenticated Users
Let me know.
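Added example (not part of the original post): the gpupdate / gpresult check described above as one PowerShell script that reports whether a named GPO appears under "Applied Group Policy Objects" for the computer. It assumes an elevated prompt and English gpresult output; the GPO name and the `-UseSample` switch are hypothetical.

```powershell
# Added example: run from an elevated PowerShell prompt on the Windows 10 PC.
# Assumes English gpresult output; the GPO name below is a placeholder.
param(
    [string]$GpoName = 'Local Admin Password',  # hypothetical GPO name
    [switch]$UseSample                          # parse the constructed sample instead
)

# Constructed sample of the computer section of 'gpresult /r' (not real output).
$sample = @'
COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Local Admin Password

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
'@ -split '\r?\n'

function Get-AppliedGpo {
    param([string[]]$Lines)
    $inSection = $false
    $applied = @()
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq 'Applied Group Policy Objects') { $inSection = $true; continue }
        if (-not $inSection -or $text -match '^-+$') { continue }  # skip underline row
        if ($text -eq 'N/A') { break }                             # empty list
        if ($text -eq '') { if ($applied.Count -gt 0) { break }; continue }
        $applied += $text
    }
    return $applied
}

if ($UseSample) {
    $lines = $sample
} else {
    gpupdate /target:computer /force | Out-Null   # refresh computer policy first
    $lines = gpresult /r /scope computer          # computer section only
}
$applied = @(Get-AppliedGpo -Lines $lines)
if ($applied -contains $GpoName) {
    "OK: '$GpoName' is listed under Applied Group Policy Objects."
} else {
    "NOT APPLIED: '$GpoName'. Applied computer GPOs: $($applied -join '; ')"
    "Check the GPO link on the computer's OU and Read access for Authenticated Users."
}
```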
You should NOT ever use the Local Administrator account. That was disabled and locked down in Windows 10.
Do not use this.
Make a different user name as local admin account and make it member of Administrators Group. Then it should work as you want.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- David Johnson CD MVP (https:#a42543049)
-- McKnife (https:#a42543335)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
1) When changing a User account password on the DC it does not change on the local computers itself.
2) When you log into a PC where the Domain Admin can use the Domain Admin credentials to log in, then it will work as long as the PC can communicate with the Domain Controller.
3) If the PC cannot contact the Domain Controller at the time of logon, then the changed Domain Admin password will not work.
4) If it previously allowed you to log in via a Domain Admin credential you should try the old password to see if access is granted. If so, your PC is not talking to the DC for the updated authentication and is instead using cached credentials.
5) If your PC is not Domain Connected (not a Domain Computer), the Domain Admin credential will never work; only LOCAL Admin credentials will, using the local admin account.
It appears to me that your Win10 PCs are not Domain Connected and your Win7 machines are. Please confirm.
Questions:
1) Are your Win10 PCs connected to the Domain?
2) When logging in fails, do you receive a message of any type other than the credentials failed?
Such as, "Communication with the Domain Controller cannot be made" or, "Domain Services unavailable" or, "The trust relationship between the computer and the Domain Controller is not available"?
3) Are you changing the Local Admin account password on the PCs or are you changing the Domain Admin password on the DC?
Please advise.