Announcement

Collapse
No announcement yet.

Script to force reset of administrator password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Script to force reset of administrator password

    Currently I am working on a custom image for workstations at my company. Basically, we install XP, then install a few custom drivers, install and configure some programs(NAV, etc), and make a few tweaks before the installation process finishes and we hand over control to the user.

    My question is:

    Is there a way to force a prompt to the user to change their local administrator password (not just a message "you should change your admin password", I'd like them to be prompted with an enter new password screen upon image completion)? I already know the previous administrator password, but I am looking for an automatic way to change it.

    Thanks in advance!

    - Jim

  • #2
    Re: Script to force reset of administrator password

    try this.
    http://support.microsoft.com/kb/251394

    Comment


    • #3
      Re: Script to force reset of administrator password

      I know this is an old question but I wonder why you'd want to give a computer to a user and allow them to access the Local Administrator account?

      Users should be locked out of any account that could alter the function of the workstation.

      That being said, I too would like a script that could be run at startup via group policy that could be used to periodically change the local administrator password. Something to force all of the local admin accounts to have the same password, and allow you to change it quickly if you suspect that the password has fallen into the wrong hands?

      Comment


      • #4
        Re: Script to force reset of administrator password

        Originally posted by jsd63 View Post
        That being said, I too would like a script that could be run at startup via group policy that could be used to periodically change the local administrator password. Something to force all of the local admin accounts to have the same password, and allow you to change it quickly if you suspect that the password has fallen into the wrong hands?
        If you want to do this by a computer startup script, it is best to use a random complexed password generator (you won't be able to know the password yourself, but domain admins can reset the password manualy if they need to know the administrator password). Changing local passwords by a startup script can cause conflicts with the password policy when set on the domain, e.g. length, complexity, time before alowing to change, password history.

        An other approach is to run a script periodically as a member of the domain admins group against all pingable computers in one OU, That is launched from a server. Keep a log of successes per computer so the script won't have to connect twice the same client. You have to remember to old and the new password. And check the logs. When you create a new password delete the old logs first.

        Find the local administrator account by the wellknown administrator SID! (since users with local admin rights could have changed the name of the administrator).


        \Rems
        Last edited by Rems; 7th October 2008, 19:26.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment

        Working...
        X