none
Group Policy Preferences Password Vulnerability

Answers

  • There is an update that removes functionality for specifying passwords in preferences section of GPO. The update, however, does not remove passwords that are already configured. See MS security bulletin MS14-025 for more info. The bulletin also includes scripts and guidance for identifying policies with stored password and removing password information from GPOs.

    Gleb.

    • Marked as answer by Techguy4u1 Friday, January 15, 2016 5:29 AM
    Monday, January 11, 2016 12:49 PM
  • > For standardization in our organization,we have configured local
    > administrator password for all workstation and servers through group
     
    LAPS is your solution at hand:
     
    • Marked as answer by Techguy4u1 Friday, January 15, 2016 5:29 AM
    Monday, January 11, 2016 1:12 PM

All replies

  • There is an update that removes functionality for specifying passwords in preferences section of GPO. The update, however, does not remove passwords that are already configured. See MS security bulletin MS14-025 for more info. The bulletin also includes scripts and guidance for identifying policies with stored password and removing password information from GPOs.

    Gleb.

    • Marked as answer by Techguy4u1 Friday, January 15, 2016 5:29 AM
    Monday, January 11, 2016 12:49 PM
  • > For standardization in our organization,we have configured local
    > administrator password for all workstation and servers through group
     
    LAPS is your solution at hand:
     
    • Marked as answer by Techguy4u1 Friday, January 15, 2016 5:29 AM
    Monday, January 11, 2016 1:12 PM
  • Hi Jack,

    There is an article which may be helpful to you, you could take a look :
    How To Automate Changing The Local Administrator Password
    http://blogs.technet.com/b/askpfeplat/archive/2014/05/19/how-to-automate-changing-the-local-administrator-password.aspx


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 12, 2016 2:16 AM
    Moderator
  • Hi Gleb, We have decided to change the password manually for all the workstation ,because we wanted a commin password ,since LAPS creates random different password,we have already applied the patch my question is ,when we are changing the password manually,do i need to worry about the already configured policy, and password xml file laying in all the useres PC?
    Friday, January 15, 2016 5:34 AM