We want to ensure that all workstations (XP/2000) in our Active Directory
environment have their local Administrator passwords set to our specified
value. What would be the best way (best practice) to implement this
(Logon/Startup script, GPO, SMS, etc)? Appreciate any advice.

Howdie!

Barkley Bees schrieb:
> We want to ensure that all workstations (XP/2000) in our Active Directory
> environment have their local Administrator passwords set to our specified
> value. What would be the best way (best practice) to implement this
> (Logon/Startup script, GPO, SMS, etc)? Appreciate any advice.

Try to not script that with Group Policy - you'd have to put the
password in plain text into the script. When scripting, use the %1
parameter to pass the password as a parameter to the script - that way
it won't stick there in plain text.

There are a few tools out there you might want to use.. PsPwd is one of
them I guess - other scripts from the scripting guys are around.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html

We run a remote script and push it out to all workstations. You don't want
to run it as a login script because you can see the password. We just read
all workstations from the root of the domain and run a script, we kick out
an error report of all machines that don't connect.

http://www.microsoft.com/technet/scr...4/hey1015.mspx

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Barkley Bees" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We want to ensure that all workstations (XP/2000) in our Active Directory
> environment have their local Administrator passwords set to our specified
> value. What would be the best way (best practice) to implement this
> (Logon/Startup script, GPO, SMS, etc)? Appreciate any advice.
>

Florian Frommherz [MVP] <(E-Mail Removed)> wrote:
> Howdie!
>
> Barkley Bees schrieb:
>> We want to ensure that all workstations (XP/2000) in our Active
>> Directory environment have their local Administrator passwords set
>> to our specified value. What would be the best way (best practice)
>> to implement this (Logon/Startup script, GPO, SMS, etc)? Appreciate
>> any advice.
>
> Try to not script that with Group Policy - you'd have to put the
> password in plain text into the script.

My two cents? I know it's officially "bad practice," but since I do this as
a startup script nobody can see it, and the script itself is stored in a
location nobody but me/admins can access anyway, so I guess I don't
personally worry about it that much - esp. as it's only for local accounts
on workstations. :-)

> When scripting, use the %1
> parameter to pass the password as a parameter to the script - that way
> it won't stick there in plain text.
>
> There are a few tools out there you might want to use.. PsPwd is one
> of them I guess - other scripts from the scripting guys are around.
>
> cheers,
>
> Florian

Barkley Bees,

I wrote this script 1 year ago for someone to do the same thing:

http://www.tech-archive.net/Archive/.../msg00326.html

--
Newbie Coder
(It's just a name)





"Barkley Bees" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We want to ensure that all workstations (XP/2000) in our Active Directory
> environment have their local Administrator passwords set to our specified
> value. What would be the best way (best practice) to implement this
> (Logon/Startup script, GPO, SMS, etc)? Appreciate any advice.
>