Synchronize local administrator passwords using Group Policy

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I've seen some refereces to sites such as:

http://web.mit.edu/is/topics/windows/server/winmitedu/extensions.html#rootpass

who claim to have custom adm templates to achive this. Does anyone have
any idea HOW they are doing this or where I can get a copy of one of
these administrative templates? MIT has not been forthcoming but I hate
to re-invent the wheel if someone else knows how they are doing this.

(Yes - I know the password will be readable by domain users - this is
mostly for educational purposes)

Thanks
Chip
3 answers Last reply
More about synchronize local administrator passwords group policy
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    You can change the local admin password with a line in a startup script:

    net user administrator %1

    Put the password in the "Parameters" box for the startup script.


    "Chip Andrews" <"chip <-removethis-> wrote in message
    news:es2ReU9qEHA.2888@TK2MSFTNGP14.phx.gbl...
    > I've seen some refereces to sites such as:
    >
    >
    http://web.mit.edu/is/topics/windows/server/winmitedu/extensions.html#rootpass
    >
    > who claim to have custom adm templates to achive this. Does anyone have
    > any idea HOW they are doing this or where I can get a copy of one of
    > these administrative templates? MIT has not been forthcoming but I hate
    > to re-invent the wheel if someone else knows how they are doing this.
    >
    > (Yes - I know the password will be readable by domain users - this is
    > mostly for educational purposes)
    >
    > Thanks
    > Chip
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Thanks Phil - that is currently how I have implemented it. However, the
    MIT approach "appears" to be more elegant. For starters, the "script"
    approach you mentioned only takes effect when the machine is restarted.
    This is not desireable if you have machines that have uptimes in weeks
    and months. You want something that will update the local admin
    passwords in the GP update window.

    My primary reason for inquiry is HOW are they doing this since it
    doesn't appear to be via a startup script or other "shell" mechanism.

    Any other takers?

    Chip


    Phil wrote:
    > You can change the local admin password with a line in a startup script:
    >
    > net user administrator %1
    >
    > Put the password in the "Parameters" box for the startup script.
    >
    >
    >
    >
    > "Chip Andrews" <"chip <-removethis-> wrote in message
    > news:es2ReU9qEHA.2888@TK2MSFTNGP14.phx.gbl...
    >
    >>I've seen some refereces to sites such as:
    >>
    >>
    >
    > http://web.mit.edu/is/topics/windows/server/winmitedu/extensions.html#rootpass
    >
    >>who claim to have custom adm templates to achive this. Does anyone have
    >>any idea HOW they are doing this or where I can get a copy of one of
    >>these administrative templates? MIT has not been forthcoming but I hate
    >>to re-invent the wheel if someone else knows how they are doing this.
    >>
    >>(Yes - I know the password will be readable by domain users - this is
    >>mostly for educational purposes)
    >>
    >>Thanks
    >>Chip
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Chip Andrews <null@null.com> said

    > Thanks Phil - that is currently how I have implemented it. However, the
    > MIT approach "appears" to be more elegant. For starters, the "script"
    > approach you mentioned only takes effect when the machine is restarted.
    > This is not desireable if you have machines that have uptimes in weeks
    > and months. You want something that will update the local admin
    > passwords in the GP update window.
    >
    > My primary reason for inquiry is HOW are they doing this since it
    > doesn't appear to be via a startup script or other "shell" mechanism.
    >

    You don't know what they have loaded on their OS. They could have a service
    installed that periodically reads a registry key (set by the GP) to determine
    whether or not to reset the local admin password and what to set it to.

    Such a service would be quite simple to write, could be distributed by
    another GPO or built into the OS image, and would do exactly what they have
    described.

    --
    Andy.
Ask a new question

Read More

Policy Microsoft Windows