Link to home
Start Free TrialLog in
Avatar of Fabiano Vidal Rocha
Fabiano Vidal Rocha

asked on

Administrator account of Windows 10 dont't change.

I have some computers Windows 10 and the major part is Windows 7.
DC is Server 2008.
When we change the password of administrator, all computers wiht WIndows 7 changed, but with Windows 10 didn't change nothing.
All user administrator must has the same password.
Can you help me
Thanks - Fabiano (Brazil)
Avatar of Michael Machie
Michael Machie
Flag of United States of America image

Hi, we need clarification.

1) When changing a User account password on the DC it does not change on the local computers itself.
2) When you log into a PC where the Domain Admin can use the Domain Admin credentials to log in, then it will work as long as the PC can communicate with the Domain Controller.
3) If the PC cannot contact the Domain Controller at the time of logon, then the changed Domain Admin password will not work.
4) If it previously allowed you to log in via a Domain Admin credential you should try the old password to see if access is granted. If so, your PC is not talking to the DC for the updated authentication and is instead using cached credentials.
5) If your PC is not Domain Connected (not a Domain Computer), the Domain Admin credential will never work, only LOCAL Admin credentials will using the local admin account.

It appears to me that your Win10 PCs are not Domain Connected and your Win7 machines are. Please confirm.

Questions:
1) Are your Win10 PCs connected to the Domain?
2) When logging in fails, do you receive a message of any type other than the credentials failed?
Such as, "Communication with the Domain Controller cannot be made" or, "Domain Services unavailable" or, "The trust relationship between the computer and the Domain Controller is not available"?
3) Are you changing the Local Admin account password on the PCs or are you changing the Domain Admin password on the DC?

Please advise.
Avatar of Fabiano Vidal Rocha
Fabiano Vidal Rocha

ASKER

Hello, thanks for helping me....
All the computers is in domain, I need to change the password of the local administrator account.
For example, if I change the password, and put to change the password, it's ok, the GPO send this change, but if in GPO I change de password of local admin, nothing happen. Windows 7 computers change normally, but Windows 10 computer mantain the same password.
ok, thanks for clarifying - I was not on the same page as you and now am..

You are using Windows Server GPO to force the local admin password change on Win10. I believe the registry settings are different for Win10 versus Win7 so it may be that another registry key edit needs to be added to change for Win10. I have seen similar issues in Win10 vs. Win7.

I will dig in a bit more and in the meantime, are the Win10 machines in an OU that has this GPO linked to it? You may have checked that but to be sure run a GPRESULT to verify the WIN10 machine is pulling the policy.

Open CMD
type: gpresult /r  [ENTER]
- This will display all of the GPOs that this machine has pulled and applied. If the GPO you created for this purpose is not showing under the section "Applied Group Policy Objects" then that is your problem and will need to dig into that. If not visible, start by testing the connection and force the GP Policies to update.

On a Win10 machine:
CMD
gpupdate /force  [ENTER]
It will display a message that it successfully updates or it did not.

- If not, then that is your problem - you cannot update policies.
- If it succeeds, check 'gpresult /r' again and verify the policy has applied.
- If it updates policy but this policy does not apply, then verify the GPO is linked to the OU where the PC resides or move the PC into an OU that is linked.
- You also want to make sure the GPO is able to be read by Authenticated Users:
Picture of READ access permissions to the GPO by Authenticated Users

Let me know.
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You should NOT ever use the Local Administrator account. That was disabled and locked down in Windows 10.

Do not use this.

Make a different user name as local admin account and make it member of Administrators Group. Then it should work as you want.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- David Johnson CD MVP (https:#a42543049)
-- McKnife (https:#a42543335)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer