Group Polisy not work

G

Guest

Hi there,

I have a batch file "net user administrator newpassword" which is for
changing the local administrator password. This batch file works on the local
computer, but not work via the group policy/computer settings/startup or user
settings/logon script. Can someone tell me where I can look into this
problem? Is there a log for group policy to check the error message?

Thanks in advance!

Lisa
 
M

Mark Heitbrink [MVP]

Hi,
I have a batch file "net user administrator newpassword" which is for
changing the local administrator password. This batch file works on the local
computer, but not work via the group policy/computer settings/startup or user
settings/logon script. Can someone tell me where I can look into this
problem?
Click to expand...

It´s not a problem with your GPO, its a problem of "net user"
It works on the local system if you start it manually as an admin,
because the net user command needs a user environment.
If you apply it in a computer startup script the script will run
in the system context and this one can´t change the admin password
anylonger. (It was possible with NT4 and 2K, AFAIR)

If you want to change the local admin passwords, take a look at:
http://www.gruppenrichtlinien.de/tools/PasswordChange_local.zip

This tool can push passwords to a single system or to any system
in a IP range. It´s a german GUI, but I think you can handle it.


MArk
 
G

Guest

Hi Mark, thank you for your reply. If "net user" needs user environment, why
does it not work for logon script? the user has the local administrator
rights, it should work when login, right?

Thanks,

Lisa
 
M

Mark Heitbrink [MVP]

Hi,
Hi Mark, thank you for your reply. If "net user" needs user environment,
why does it not work for logon script? the user has the local administrator
rights, it should work when login, right?
Click to expand...

Right. As a user login script it should work, if the user has
local admin rights. But the user must have the permission to
"read" the script to start, so he can take a look inside and
get the password. Perhaps this is not what you want.
But it doesn´t matter if he has admin rights, because he can
change it to anything he want ... ;-)

Mark
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Local Admin Password change script for Domain PC's 10
Incorrect GPResult result 3
Startup Script in Group Policy 10
local Group Policy Administrator does can not logon local 0
group policy 1
Map a network drive based on group policy 4
Execute a batch file problem 2
\\servername\share logon failure for domain admins 1

Top