none
Local Administrator Account - Storing random password

    Question

  • Hi I'm in the process of designing a Windows 7 build and the business requires the Local admin account to be enabled (for support purposes).  The account will be renamed and the password will be randomised but I then need to be able to store the password.  There is currently a support DB in place for Windows XP but it is a manual process to enter the password and build details into the database at image time and I was hoping to find a way to automate it all and keep it secure.  I was wondering if others have similar requirements and how they are handling it?

    I am using SCCM Task Sequence to deploy the OS and was looking to add in a step towards the end of the deploy sequence to randomise and then send the password (along with a few other build details) to a database or other solution such as SCCM or AD?

    Any ideas would be most appreciated.

     

    ps.  I know the default answer would be to disable the local admin account and have a domain account in the local admins group...but the requirement is to have it enabled and cannot be changed.

    • Moved by Arthur Xie Wednesday, February 16, 2011 5:52 AM OSD question (From:Windows 7 Installation, Setup, and Deployment)
    Monday, February 14, 2011 10:24 AM

Answers

  • I'm guessing if you can get a command line program to create a random password for you, then send that password to a DB, and also use it to change the password at the same time.

    I'm thinking pwgen.exe from Cygwin.

    I also looked at http://smartbro.blogspot.com/2006/09/hidden-password-generator-in-windows.html

    e.g.

    C:\> net.exe user Administrator /random
    Password for Administrator is: $GvOvfNe

    Maybe capturing the output from that would work.


    Regards,
    Tom Watson,
    E-Mail: Tom_...@...
    Blog: http://myitforum.com/cs2/blogs/tom_watson
    • Marked as answer by Robinson Zhang Monday, February 21, 2011 3:54 AM
    Thursday, February 17, 2011 4:42 PM

All replies

  • I do not think that it can be simply realized. You may need a program to help you on it.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Wednesday, February 16, 2011 8:13 AM
  • I'm guessing if you can get a command line program to create a random password for you, then send that password to a DB, and also use it to change the password at the same time.

    I'm thinking pwgen.exe from Cygwin.

    I also looked at http://smartbro.blogspot.com/2006/09/hidden-password-generator-in-windows.html

    e.g.

    C:\> net.exe user Administrator /random
    Password for Administrator is: $GvOvfNe

    Maybe capturing the output from that would work.


    Regards,
    Tom Watson,
    E-Mail: Tom_...@...
    Blog: http://myitforum.com/cs2/blogs/tom_watson
    • Marked as answer by Robinson Zhang Monday, February 21, 2011 3:54 AM
    Thursday, February 17, 2011 4:42 PM