Re: Easy question on the local admin passwords




Steven L Umbach wrote:
With a Group Policy "startup" script users do not need read access to the
script in sysvol. You can remove authenticated users and add domain
computers with read/list/execute instead. You will also have a potential
problem in that the startup script will not be run until the computer is
restarted on the domain. You might want to use different local administrator
password on the laptops than the workstations. --- Steve

Thanks Steve,

That seems to be a more secure solution.
But I think it is still trivial to circumvent.
Any user that manages to run a script under LocalSystem (for any
reason) can acces the administrator password in clear text. As I can
trust totally all the workstations (there are some of them that are
operated by knowledgeable users with administrative rights) I would
prefer do not offer the password in that manner.

.



Relevant Pages

  • Re: How could i change all the local administrator password of my XP/2000 computers ??
    ... How could i change all the local administrator password of my XP/2000 computers ?? ... I have 200 computers with a local password that everybody know and i would like to change it ... ... You could do it in a computer startup script that runs ...
    (microsoft.public.windowsxp.general)
  • Re: Change local administrator password ? through GPO or push script ?
    ... net user administrator %1 (%1 describes the first entry in the parameter field) ... Add this file via GPO to the Default domain policy>Computer configuration>Windows settings>Scripts, STARTUP script and set the parameter with the new parameters you like to use. ... I would like to change the local administrator password of every ... computers member of my AD domain but I am not sure of the best method. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Change local administrator password ? through GPO or push script ?
    ... I would like to change the local administrator password of every computers member of my AD domain but I am not sure of the best method. ... Create a vbs script that points to the local computer and then deploy this script by GPO. ... This attribute will permit to know wich admin password is configured for this machine. ...
    (microsoft.public.windows.server.active_directory)
  • "The local policy of this system doesnt permit you to logon interactively" on workstation
    ... All users except administrator get this error: "The local policy of this ... There is no problems for all users on other computers. ... I checked local policy on one of the workstations: ...
    (microsoft.public.windows.server.sbs)
  • Re: Change local administrator password ? through GPO or push script ?
    ... I would like to change the local administrator password of every computers ... A script executed by an administrator that scan computers ... Domain Computers permissions for the script, ...
    (microsoft.public.windows.server.active_directory)