Remove From My Forums

Query on setting Local Administrator Password Policy Via GPO

Question

0

Sign in to vote

Hi,

can anyone has the steps to set standard Admin Password via GPO ?

Actually I have created a GPO to set standard admin password on 3000+ servers and the policy is linked to the servers OU where the 3000 server are moved.After a day when I checked few of the machines password changed to standard and few of them not changed to standard password. One thing I noticed in those few server is UAC is enabled and I have disabled UAC setting in control panel of the servers manually for testing and restarted to check the local admin password and found the password is not changed to standard password.

One more thing which I wanted to share is, when I was about to set password in GPO the first time I was unable to give the password ,as the option to give password was disabled .But when I uninstalled the patch KB2928120 from the DC where I have created the GPO, I was able to give the password .

The steps which I have set in GPO is below. IS there any other steps which need to be included in GPO for successful implementation of this policy ?

Computer Configuration- Preferences,-Control Panel, and then right-click Local Users and Groups. From the menu select New - Local User. Select Update as the action, type Administrator into the User name text box, then type the new password into the Password text box, confirming the password in Confirm Password text box. Press OK.

Wednesday, April 06, 2016 4:12 PM

Reply

|

Quote

Answers

0

Sign in to vote
Hi

when I uninstalled the patch KB2928120 from the DC where I have created the GPO >>> Thats not a correct method,when you uninstall this fix,you will have serious security risks.Just you need to use LAPS for configure local administrators password ; https://www.microsoft.com/en-us/download/details.aspx?id=46899
This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur
- Proposed as answer by Jay GuModerator Monday, April 11, 2016 12:16 PM
- Marked as answer by Amy Wang_Microsoft contingent staff, Moderator Wednesday, April 13, 2016 9:13 AM
Wednesday, April 06, 2016 4:38 PM

Reply

|

Quote

All replies

0

Sign in to vote
Hi

when I uninstalled the patch KB2928120 from the DC where I have created the GPO >>> Thats not a correct method,when you uninstall this fix,you will have serious security risks.Just you need to use LAPS for configure local administrators password ; https://www.microsoft.com/en-us/download/details.aspx?id=46899
This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur
- Proposed as answer by Jay GuModerator Monday, April 11, 2016 12:16 PM
- Marked as answer by Amy Wang_Microsoft contingent staff, Moderator Wednesday, April 13, 2016 9:13 AM
Wednesday, April 06, 2016 4:38 PM

Reply

|

Quote

0

Sign in to vote

Hi,

The steps which I have set in GPO is below. IS there any other steps which need to be included in GPO for successful implementation of this policy ?

Computer Configuration- Preferences,-Control Panel, and then right-click Local Users and Groups. From the menu select New - Local User. Select Update as the action, type Administrator into the User name text box, then type the new password into the Password text box, confirming the password in Confirm Password text box. Press OK.

>>>I think there is no more other steps.

For check the steps about configure the policy, you could refer to the article below.

How to Change a Local Administrator Password with Group Policy

http://social.technet.microsoft.com/wiki/contents/articles/4683.how-to-change-a-local-administrator-password-with-group-policy.aspx

In addition, here is a similar thread below for your reference.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/b1e94909-bb0b-4e10-83a0-cd7812dfe073/change-local-administrator-password-thru-gpo?forum=winserverGP

Best Regards,

Jay
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Thursday, April 07, 2016 5:55 AM

Reply

|

Quote

Moderator

0

Sign in to vote

Hi,

The steps which I have set in GPO is below. IS there any other steps which need to be included in GPO for successful implementation of this policy ?

Computer Configuration- Preferences,-Control Panel, and then right-click Local Users and Groups. From the menu select New - Local User. Select Update as the action, type Administrator into the User name text box, then type the new password into the Password text box, confirming the password in Confirm Password text box. Press OK.

>>>I think there is no more other steps.

For check the steps about configure the policy, you could refer to the article below.

How to Change a Local Administrator Password with Group Policy

http://social.technet.microsoft.com/wiki/contents/articles/4683.how-to-change-a-local-administrator-password-with-group-policy.aspx

In addition, here is a similar thread below for your reference.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/b1e94909-bb0b-4e10-83a0-cd7812dfe073/change-local-administrator-password-thru-gpo?forum=winserverGP

Best Regards,

Jay

Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

@ Jay

Microsoft has removed the ability to create or modify any Group Policy which contains a GroupPolicy Preference that specifies account credentials with MS14-025:

https://support.microsoft.com/en-us/kb/2962486

So LAPS is the recommended method for change local administators password :-)
This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

Thursday, April 07, 2016 7:59 AM

Reply

|

Quote

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Query on setting Local Administrator Password Policy Via GPO

Question

Answers

All replies