Link to home
Start Free TrialLog in
Avatar of dpacheco
dpacheco

asked on

SBS 2011 workstations can use old Admin password

SBS 2011, admin password was changed, logged out and back into server with new password. The users are not administrators on their computers so someone with the admin password enters it when needed for an installation or download. The workstations are still able to use the old admin password, for how long I don't know but I'm assuming probably until the computer is restarted. Is there a way to avoid this?
Avatar of John
John
Flag of Canada image
Try changing it again and this time restart the server. This will disconnect Workstations and make them connect again
Avatar of dpacheco
dpacheco

ASKER

I'll try restarting the server, I think I did do that after changing the password but not 100% sure.
Avatar of John
John
Flag of Canada image
Make sure Workstations are logged off and once the server has restarted, ask users to restart their Workstations
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image
The Domain Administrator account password will change instantly.  If you used the same password for the LOCAL administrator accounts (and even if you didn't), your changing the domain admin account does ABSOLUTELY NOTHING for them.  If the PCs in question are disconnected from the network, then the local cached copy of the domain admin password will still work until the next time the domain admin logs in to the system.

You might want to look into the Local Administrator Password Solution (LAPS): https://www.microsoft.com/en-us/download/details.aspx?id=46899
Avatar of dpacheco
dpacheco

ASKER

The local admin account is not and has never been the same as the domain administrator, every computer has a different local admin with a different password. The PC's in question were not disconnected from the network. The workstation I tested this morning now requires the new password, neither it nor the server have been restarted. I logged in as the same user this morning as I did this afternoon, no one used the computer today. I would assume this has to do with caching the password. It sounds like I'll need to have users restart their computers each time the domain administrator password is changed or we'll need to use the local admin account when needed.
ASKER CERTIFIED SOLUTION
Avatar of John
John
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dpacheco
dpacheco

ASKER

John - the restart did not work as I didn't restart the workstation - in the morning the old password worked and in the afternoon it did not. The only thing that happened on that particular workstation is I logged on and off as a standard user. I do agree it is a cached password issue. At the next password change I will test again by selecting a couple of workstations and restart them just to make sure they are connected but not logged in, change the admin password, restart the server and log into the server with the new password. I'll then login as a user on one of the workstations and make a change that requires admin password. If it accepts the old password then I'll restart the workstation and check it again. Thanks.
Avatar of John
John
Flag of Canada image
Thanks for the update and I was happy to help you.