Administrator password conflict

G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

If I place a script, such as the following, to change the local administrator password in the GP to run on login:
net user administrator newpassword

or ...

strComputer = "."
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
objUser.SetPassword "newpassword"
objUser.SetInfo

would the script run on the domain controllers changing the domain administrator password too? Also, if I have several domain controllers for one domain, would I only have to change the GP for the primary controller, or would I need to change all of the Group Policies?

Thanks.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

In article <5C93A8AB-4E1C-4030-80B2-E3A9F71B5C83@microsoft.com>,
baggman159@earthlink.net says...
> If I place a script, such as the following, to change the local administrator password in the GP to run on login:
> net user administrator newpassword
>
> or ...
>
> strComputer = "."
> Set objUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
> objUser.SetPassword "newpassword"
> objUser.SetInfo
>
> would the script run on the domain controllers changing the domain administrator password too? Also, if I have several domain controllers for one domain, would I only have to change the GP for the primary controller, or would I need to change all of the Group Policies?
>
> Thanks.
>
It shouldn't, for 'net user' you have to specify /domain to perform the
action on the domain account. Anyway, you can modify it to specify the
full logon name:
net user %computername%\administrator NewP@ssw0rd

The VBScript looks ok, though you should test these both, of course.
A per where the script will run - since it's a logon script it will run
for each user that is "hit" by this GPO. So it's very likely that if
such a user logs on on a DC the domain admin password gets changed
(again, test it by using a temp account). Group policies are replicated
between DCs, there's no need to modify it on more than one. You can make
the change on whatever DC you like,doesn't matter which.

HTH
--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.

"True knowledge exists in knowing that you know nothing."
Socrates
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thank you very much, that helps a lot.