Local admin password management solution

Local admin password management solution works using GPO and custom Client-Side GPO Extension. Solution periodically changes pwd of admin account to random value; it stores current builtin admin password in AD confidential attribute on computer account

 
 
 
 
 
4.6 Star
(58)
Add to favorites
11/26/2016
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Availability of Premier version
    2 Posts | Last post March 06, 2015
    • I would like to know if the version being made available to premier customers is available for purchase by customers not a part of Premier.  Thanks so much.
    • Hello,
      Enterprise version is available only via Premier; separate purchase option is not available. Maybe gives a reason for you to join group of Premier customers?
      
      Thanks for interest in my solution,
      Jiri
      
  • Deep OU Structure?
    2 Posts | Last post March 02, 2015
    • All the examples I and find here only show org units that are only one level deep such as "workstations, domain, com.
      
      How can we point this to specific OUs that are not at the top of the domain and that do not have unique names?
      Can you give an example of applying this to two different Organizational Units with the same name that are 4 layers deep and in different branches of the structure?
    • Hello,
      just put distinguishedName of that OU into Identity parameter of respective cmdlet (remember to enclose it by quotation marks) and it will work.
      
      Thanks for using my solution,
      Jiri
  • Intepretation
    1 Posts | Last post February 26, 2015
    • Hi Jiri,
      
      I've tried to intepret what you mean with "Availability: Plan is to make this solution available to MS Premier customers as proactive package, along with deployment and post deployment support."
      One of my customers has a MS Premier support agreement, somewhere around 40-50k clients. Are we allowed to use your solution without limitations ?
      Also, are we allowed to change your code, without license restrictions?
      MS-LPL did not explain where the copyright of code lies or what can be done without breaking that license.
      
      I've alse tried to e-mail you.
      Please answer if you can.
      
        // Kristian
  • not getting Password from tool
    2 Posts | Last post February 25, 2015
    • Schema has been updated, Access also been provided via powershell to specific groups, Group policy has been configured for default Administrator Account, getting expirationTimestamp only, not getting the password. Permission have been provided according to the powershell command given over the detail implementation plan.
      
    • Hello,
      definitely a permission issue. Please verify effective permissions on computer object for user trying to get the password. Also, if you delegated to group, make sure to logoff/logon to get group into token.
      When delegated to Administrators group, then make sure you run the tool elevated.
      Try to delegate to user account directly to see if it works or not - eliminates pinpoints issues coming from mismatched group membership.
      
      
      Hope this helps and thanks for interest in my solution,
      Jiri
  • Network Query
    2 Posts | Last post February 20, 2015
    • I am looking to employ a similar solution - this looks like it would fit our requirements quite nicely. One question - if a client is off network, would the admin password still get changed? If so, how would the new password be obtained? 
    • Hello,
      admin password is managed only when client is connected to corporate network - directly, via VPN or via DirectAccess.
      When client is offline, password does not change
      
      Hope this helps, thanks for interest in my solution
      
      Jiri
  • Support for Multiple Local Accounts
    2 Posts | Last post February 17, 2015
    • Has there been anything thought to support for multiple local accounts?
      
      We for example have a compliance requirement that causes us to have 2 local administrators per system. (example- backupAdmin and Admin) These accounts have the name name across all systems and we are looking for a method to have all of these passwords be different and be managed automatically. 
      
      Your solution would meet this requirement if it just had support for one more user account.
    • Hello,
      I currently don't plan adding capability to manage multiple local accounts into mainstream version.
      However, if really needed, I can deliver it as custom development - please let me know if interested.
      
      Best regards,
      Jiri
  • Mange RODC
    2 Posts | Last post February 17, 2015
    • Does it manage RODC ?
    • In context of management of local admi  password, RODC is considered to be a DC, this solution currently does not support it
      
      Hope this helps,
      Jiri
  • Free Installer
    2 Posts | Last post February 17, 2015
    • Hi,
      
      I've edited the MSI attribute to create a new local account when deploying the MSI, but it does not seem to do so. Is this functionality not working in the free version? 
    • Hello,
      yes, this is expected to work in free version. Note that this only happens when installing Client Side Extention. When you install any oher component, this action is not performed
      
      Hope this helps,
      Jiri
  • Update Schema Error
    2 Posts | Last post February 10, 2015
    • Hello,
      
      Jiri, I tried to update the schema using Update-AdmPwdADSchema cmdlet but get this error:
      
      Update-AdmPwdADSchema : An operation error occurred.
      At line:1 char:1
      + Update-AdmPwdADSchema
      + ~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [Update-AdmPwdADSchema], DirectoryOperationException
          + FullyQualifiedErrorId : System.DirectoryServices.Protocols.DirectoryOperationException,AdmPwd.PS.UpdateADSchema
      
      I'm using windows 2008 R2 AD. Is there any missing steps?
      
      Thanks
    • Hello,
      this is timing issue in communication with schema master. Just run the command again and it will work. Working on final solution; will be available in next version
      
      Hope this helps, thanks for using my solution,
      Jiri
  • Can you clarify how we can access this tool?
    2 Posts | Last post February 10, 2015
    • Based on your update not, I'm unclear if I need to retrieve the full solution from MS Premier support or not. I specifically need the password history functionality which based on your slideshow is not included in the free version. Can you please clarify?
    • Hello,
      best way is to contact your Technical Account Manager. Password history is only available in full version of solution that is available through Premier
      
      Hope this helps, thank you for using my solution,
      Jiri
91 - 100 of 182 Items