Sign in with
Sign up | Sign in
Your question

Synchronize local administrator passwords using Group Policy

Last response: in Windows 2000/NT
Share
Anonymous
October 6, 2004 6:45:16 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I've seen some refereces to sites such as:

http://web.mit.edu/is/topics/windows/server/winmitedu/e...

who claim to have custom adm templates to achive this. Does anyone have
any idea HOW they are doing this or where I can get a copy of one of
these administrative templates? MIT has not been forthcoming but I hate
to re-invent the wheel if someone else knows how they are doing this.

(Yes - I know the password will be readable by domain users - this is
mostly for educational purposes)

Thanks
Chip
October 6, 2004 6:45:17 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

You can change the local admin password with a line in a startup script:

net user administrator %1

Put the password in the "Parameters" box for the startup script.




"Chip Andrews" <"chip <-removethis-> wrote in message
news:es2ReU9qEHA.2888@TK2MSFTNGP14.phx.gbl...
> I've seen some refereces to sites such as:
>
>
http://web.mit.edu/is/topics/windows/server/winmitedu/e...
>
> who claim to have custom adm templates to achive this. Does anyone have
> any idea HOW they are doing this or where I can get a copy of one of
> these administrative templates? MIT has not been forthcoming but I hate
> to re-invent the wheel if someone else knows how they are doing this.
>
> (Yes - I know the password will be readable by domain users - this is
> mostly for educational purposes)
>
> Thanks
> Chip
Anonymous
October 6, 2004 8:48:09 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks Phil - that is currently how I have implemented it. However, the
MIT approach "appears" to be more elegant. For starters, the "script"
approach you mentioned only takes effect when the machine is restarted.
This is not desireable if you have machines that have uptimes in weeks
and months. You want something that will update the local admin
passwords in the GP update window.

My primary reason for inquiry is HOW are they doing this since it
doesn't appear to be via a startup script or other "shell" mechanism.

Any other takers?

Chip


Phil wrote:
> You can change the local admin password with a line in a startup script:
>
> net user administrator %1
>
> Put the password in the "Parameters" box for the startup script.
>
>
>
>
> "Chip Andrews" <"chip <-removethis-> wrote in message
> news:es2ReU9qEHA.2888@TK2MSFTNGP14.phx.gbl...
>
>>I've seen some refereces to sites such as:
>>
>>
>
> http://web.mit.edu/is/topics/windows/server/winmitedu/e...
>
>>who claim to have custom adm templates to achive this. Does anyone have
>>any idea HOW they are doing this or where I can get a copy of one of
>>these administrative templates? MIT has not been forthcoming but I hate
>>to re-invent the wheel if someone else knows how they are doing this.
>>
>>(Yes - I know the password will be readable by domain users - this is
>>mostly for educational purposes)
>>
>>Thanks
>>Chip
>
>
>
Anonymous
October 7, 2004 8:38:22 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Chip Andrews <null@null.com> said

> Thanks Phil - that is currently how I have implemented it. However, the
> MIT approach "appears" to be more elegant. For starters, the "script"
> approach you mentioned only takes effect when the machine is restarted.
> This is not desireable if you have machines that have uptimes in weeks
> and months. You want something that will update the local admin
> passwords in the GP update window.
>
> My primary reason for inquiry is HOW are they doing this since it
> doesn't appear to be via a startup script or other "shell" mechanism.
>

You don't know what they have loaded on their OS. They could have a service
installed that periodically reads a registry key (set by the GP) to determine
whether or not to reset the local admin password and what to set it to.

Such a service would be quite simple to write, could be distributed by
another GPO or built into the OS image, and would do exactly what they have
described.

--
Andy.
!