Answered by:
Query on setting Local Administrator Password Policy Via GPO

-
Hi,
can anyone has the steps to set standard Admin Password via GPO ?
Actually I have created a GPO to set standard admin password on 3000+ servers and the policy is linked to the servers OU where the 3000 server are moved.After a day when I checked few of the machines password changed to standard and few of them not changed to standard password. One thing I noticed in those few server is UAC is enabled and I have disabled UAC setting in control panel of the servers manually for testing and restarted to check the local admin password and found the password is not changed to standard password.
One more thing which I wanted to share is, when I was about to set password in GPO the first time I was unable to give the password ,as the option to give password was disabled .But when I uninstalled the patch KB2928120 from the DC where I have created the GPO, I was able to give the password .
The steps which I have set in GPO is below. IS there any other steps which need to be included in GPO for successful implementation of this policy ?
Computer Configuration- Preferences,-Control Panel, and then right-click Local Users and Groups. From the menu select New - Local User. Select Update as the action, type Administrator into the User name text box, then type the new password into the Password text box, confirming the password in Confirm Password text box. Press OK.
Question
Answers
-
Hi
when I uninstalled the patch KB2928120 from the DC where I have created the GPO >>> Thats not a correct method,when you uninstall this fix,you will have serious security risks.Just you need to use LAPS for configure local administrators password ; https://www.microsoft.com/en-us/download/details.aspx?id=46899
This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur
- Proposed as answer by Jay GuModerator Monday, April 11, 2016 12:16 PM
- Marked as answer by Amy Wang_Microsoft contingent staff, Moderator Wednesday, April 13, 2016 9:13 AM
All replies
-
Hi
when I uninstalled the patch KB2928120 from the DC where I have created the GPO >>> Thats not a correct method,when you uninstall this fix,you will have serious security risks.Just you need to use LAPS for configure local administrators password ; https://www.microsoft.com/en-us/download/details.aspx?id=46899
This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur
- Proposed as answer by Jay GuModerator Monday, April 11, 2016 12:16 PM
- Marked as answer by Amy Wang_Microsoft contingent staff, Moderator Wednesday, April 13, 2016 9:13 AM
-
Hi,
The steps which I have set in GPO is below. IS there any other steps which need to be included in GPO for successful implementation of this policy ?
Computer Configuration- Preferences,-Control Panel, and then right-click Local Users and Groups. From the menu select New - Local User. Select Update as the action, type Administrator into the User name text box, then type the new password into the Password text box, confirming the password in Confirm Password text box. Press OK.
>>>I think there is no more other steps.
For check the steps about configure the policy, you could refer to the article below.
How to Change a Local Administrator Password with Group Policy
In addition, here is a similar thread below for your reference.
Best Regards,
Jay
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
-
Hi,
The steps which I have set in GPO is below. IS there any other steps which need to be included in GPO for successful implementation of this policy ?
Computer Configuration- Preferences,-Control Panel, and then right-click Local Users and Groups. From the menu select New - Local User. Select Update as the action, type Administrator into the User name text box, then type the new password into the Password text box, confirming the password in Confirm Password text box. Press OK.
>>>I think there is no more other steps.
For check the steps about configure the policy, you could refer to the article below.
How to Change a Local Administrator Password with Group Policy
In addition, here is a similar thread below for your reference.
Best Regards,
Jay
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
@ Jay
Microsoft has removed the ability to create or modify any Group Policy which contains a GroupPolicy Preference that specifies account credentials with MS14-025:
https://support.microsoft.com/en-us/kb/2962486So LAPS is the recommended method for change local administators password :-)
This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur