Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

New Password every month

Status
Not open for further replies.
getndz

getndz

IS-IT--Management
Jul 25, 2007
162
CH
Hello,

A user has cracked the local admin password on its XP PC.
Usually the users have no admin right on the PCs.
Now we want modify the local admin password once a month.
How could I do this, batch, script, policy....
There are about 500 users.

Thanks and regards
 
Sort by date Sort by votes
Thank You lemon13, but as I know dsmod is to modify AD accounts. Correct ?
What I need is to modify the local user PW of the XP clients.
 
Upvote 0 Downvote
Do you have a policy against users having local admin access? If not, then you should. Then, when user "cracks" admin password, fire said employee.

You do this once, and your other 499 users won't be trying that any longer.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Upvote 0 Downvote
Hello Davetoo,

Thanks, but not really clear....
 
Upvote 0 Downvote
getndz,
What they are saying is that if there is a company policy against Admin access and said user knowingly and willingly "cracks" the password, get him released from his duty for violating the company policy. "Crack" is such a two-faced word, though, and the difference is intent. If he "guessed" correctly (and sometimes it happens, one way or another) then maybe not so harsh, a stern warning perhaps.

Roadkill,
Haven't seen that one before... will have to bookmark it. Could be useful, though I doubt that any of my users will ever need or want to crack the local admin password in my network.

cckens

"Not always my best shot, but I hit the target now and then"
-me
 
Upvote 0 Downvote
Well then allow me to clear up for you what I was saying, even though everyone else appears to have understood it just fine: Fire the person that cracked the admin password, and nobody else will try to crack it from then on.

Problem solved.

Technology isn't always the best solution for personal behavior irregularities.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Upvote 0 Downvote
I agree with Dave. Fire said employee. This will send a message to your other employees. But try this.

net user administrator enter_password_here

This will set the local admin password. This command can be put into a batch file and deployed via group policy.
 
Upvote 0 Downvote
In addition to the above I do also agree with what Davetoo has said. You should have an acceptable usage policy in place that your everyone who is using your IT system has to sign. This usage policy defines what is, and is not, acceptable treatment/usage of your IT systems, you state in this policy that violating any terms of the policy can lead to dismissal.

Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
Upvote 0 Downvote
If you look here in the vbscript forum, you can use a script to change the local admin passwords on workstations. I'm with Davetoo - said employee needs to be handed a box and shown the door.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Upvote 0 Downvote
This is rather an irony...just this afternoon I have our company policy on my desk for review...it reads "Any employee who violates these rules or otherwise abuses the privilege of Company systems or equipment will be subject to disciplinary action up to and including immediate termination."

If that's not your companys policy, it should be. For a user to knowingly obtain a local administrator password violates the trust of the company and is not an employee that I would want working there any longer.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Upvote 0 Downvote
I agree, of course the employee should be fired !!!
But isn't my company...and I must find a security solution soon.
 
Upvote 0 Downvote
Your role as that companys consultant is to provide the proper solution, which may nor may not be a technical one.

Can you solve it technically? Maybe...but what problems could arise down the road? What if one system, or two, or a dozen, don't change...a few cycles down the road the Net Admin needs to log on locally...but can't because the password is wrong and they don't have logs of what the previous sixth password was?

Food for thought...best of luck with your situation.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Upvote 0 Downvote
Result of a meeting....
We will rename the local admin and modify its password on all the XP clients.
No problem to modify the password in remote with a batch including pspasswd.exe.
Now how could I rename the admin account in remote on all the XPs

Thank You
 
Upvote 0 Downvote
If someone cracked the admin password, they'll crack the new name and then crack the new password...again.

Good luck.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Upvote 0 Downvote
Hi Davetoo,

Of course if someone cracked the admin password, he could crack the new name and then crack the new password.
But not the same guy as before....I'm sure.
Rename the admin account would protect against remote attack.
And the the password will be modified twice a month.
The best in my opinion would be to disable the admin account but it's not possible ( internal rules and necessity)

regards
 
Upvote 0 Downvote
You can rename the administrator on your XP clients machines using group policy.

Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
150
strongm
strongm
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
183
penguinroundup
penguinroundup
TECHMAN007
  • Locked
  • Question
RD Web Password Change
Replies
0
Views
143
TECHMAN007
TECHMAN007
matt.a.mcbeath
  • Locked
  • Question
DHCP and DNS of old server migrating to new?
Replies
0
Views
102
matt.a.mcbeath
matt.a.mcbeath
kjv1611
  • Locked
  • Question
New Client Picks Up Old Client IP Address, Both now Share?
Replies
4
Views
151
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top