Re[2]: disclosure the administrative password

• Previous message: Tom Milliner: "RE: Password Protected Screen Saver and Administrative Password"
• In reply to: Mike Groh: "Re: disclosure the administrative password"
• Next in thread: cyberpixl: "Re: disclosure the administrative password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Mike Groh <lists@mikegroh.net>
Date: Wed, 09 Feb 2005 05:29:35 +0300

Hi there.

> The workstation admin idea sounds good to me. I want to do it in my
> network. Is there a way to easily push this policy to the workstations.

You can use startup script (Computer configuration - Windows settings - Scripts) to create user's account and add them into local administrators group.
For example

net user localadmin /add
net localgroup administrators localadmin /add

Because startup scripts executed under machine account it will have enough rights to create account and change group membership.
But you should not assign administrators password in the script because in this case password will be specified in clear text and any user can find and use it.
But you can use script to automatic assign passwords for created accounts from trusted workstation. See http://www.security.nnov.ru/articles/war/ for example of the script.

(c)oded by offtopic@mail.ru

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Tom Milliner: "RE: Password Protected Screen Saver and Administrative Password"
• In reply to: Mike Groh: "Re: disclosure the administrative password"
• Next in thread: cyberpixl: "Re: disclosure the administrative password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]