Local admin password management solution

Local admin password management solution works using GPO and custom Client-Side GPO Extension. Solution periodically changes pwd of admin account to random value; it stores current builtin admin password in AD confidential attribute on computer account

4.6 Star
Add to favorites
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question

  • Is this solution supported by Microsoft or is it an unsupported tool?
    4 Posts | Last post August 09, 2011
    • Is this a supported solution from Microsoft? As in, if there are issues would I be able to get support on an open MS Support ticket for this tool?
    • Hello,
      this solution is provided in the form of "as-is" code sample with no official product support
      Jiri Formacek
    • Does MS have a supported tool similar to this that does the same thing?
    • No there is nothing doing the same thing. That is why this tool was developed.
      Similar thing is in GP Preferences that allows to store password in the GPO and then set local accounts to use this password. However, this approach has some disadvantages:
      - admin account on multiple workstations have the same password
      - password in GPO is not encrypted, but encoded
      Jiri Formacek
  • Support built in admin account when named something different?
    2 Posts | Last post August 04, 2011
    • Does this tool still work if you have renamed each server's administrator account to a name different than Administrator (via GPO http://support.microsoft.com/kb/816109)?
    • Yes, the solution still works when admin account is renamed - it finds admin account using it's well-known SID (see GetAdminAccount() in AdmPwd.cpp
      Jiri Formacek
181 - 182 of 182 Items