Title: [ActiveDir] Setting local admin password

Isn't there a security issue with your batch files.  Do they run each time a users logs on.  What if the batch hangs and the users can view the script.  They then would have the passwords.
 
Is there a way to make sure this script is not viewed by the user.  How is the script given the rights to add users to the local groups or change the admin password when a domain user only logs on.  Not sure of your procedure but if not implimented with care this approached seems to have some security issues.
 
If you have resolutions for these issues would please share them.  I would like to know how you handle the security.  Your approach may work for us with the proper security in place.
 
Thanks,
Joe Sargent
 

======================================================
Office (423) 585-6836   Fax  (423) 585-2630    Pager (877) 593-2314

Office - mailto:[EMAIL PROTECTED]

Joe Sargent
Network and Technical Support Manager
CCEN 312
Walters State Community College
500 South Davy Crockett Parkway
Morristown, TN 37813
======================================================

-----Original Message-----
From: Rogers, Michael J. [mailto:[EMAIL PROTECTED]]On Behalf Of Rogers, Michael J.
Sent: Sunday, July 01, 2001 9:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Setting local admin password

I think this would work.  Haven't tested it but I do something similar to add our techs to the local admin group on workstations. 
 
Write a batch file.  The only thing it would need to says is:
 
net user administrator password     (replace password for the actual password.)  Now in your active dir. Create or modify an existing computer policy and add this to the startup scripts.  Make sure you put it in the COMPUTER policy. 
 
You may have to experiment with the switches to get it to work in your situation. 
-----Original Message-----
From: Amit Zinman2
Sent: Sun 7/1/2001 2:12 AM
To: Activedir (E-mail)
Cc:
Subject: [ActiveDir] Setting local admin password

Hi,
Does anyone know how to change password for all local admins of all the
computers in the domain?

  Amit
List info: http://www.activedir.org/mail_list.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

winmail.dat

Reply via email to