Do your GPOs use a script or an adm(x)(l) template? If you have any extra 
details you're willing to share, this sounds similar to what I'm trying to 
accomplish.

From: [email protected] [mailto:[email protected]] On 
Behalf Of Marable, Mike
Sent: Wednesday, June 18, 2014 3:06 PM
To: <[email protected]>
Cc: [email protected]
Subject: Re: [mssms] RE: Create Local User on all Domain Computers

Use Group Policy?

We use GPOs to create the account and have an internally developed service that 
generates a unique password for the account each day. Our support folks have a 
"decoder ring" utility when they need a machine's password for that day.


On Jun 18, 2014, at 2:36 PM, "Daniel Ratliff" <[email protected]> wrote:
PowerShell. You can create a password as a secure string, put that in your 
script and then decode it to set the password for the user.

Daniel Ratliff

From: [email protected] [mailto:[email protected]] On Behalf Of Gary Ossewaarde
Sent: Wednesday, June 18, 2014 2:32 PM
To: [email protected]
Subject: [mssms] Create Local User on all Domain Computers

Due to an out-of-town user not being able to access his account (something 
strange happened with the cached creds), I've been asked to create a local 
(non-admin) account on all domain-joined machines so in such cases, helpdesk 
can provide this local account username/password and they can log in, set up VPN, 
and switch user.

I can easily do this with a batch file (net user) but have the added 
requirement the password does not appear in plaintext on the system (e.g., in 
the ccmcache).

Any good ways of doing this?

Additionally, is it a best practice to disable and randomize the Administrator 
account's password (as possible in OSD) and have a separate local admin, named 
differently? What are other people doing?

Thanks,

Gary
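
The thread mentions a service that gives the account a unique password each day plus a helpdesk "decoder ring", without saying how it works. One way such a scheme can be built, as an added example that is not from the thread or from anyone's actual service: each machine is provisioned only with its own key derived from a master key, and both sides compute the day's password with HMAC-SHA256. All function names, the sample key and the computer name are constructed for illustration.

```powershell
# Added example; hypothetical names. Requires PowerShell 5+ (for [type]::new()).
function Get-HmacSha256 {
    param([byte[]]$Key, [string]$Message)
    $hmac = [System.Security.Cryptography.HMACSHA256]::new($Key)
    try {
        [byte[]]$mac = $hmac.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Message))
        return ,$mac   # leading comma keeps the byte[] from being unrolled
    } finally { $hmac.Dispose() }
}

# Per-machine key: derived from the master key, so the helpdesk tool can
# recompute it, while each endpoint is given only its own.
function Get-MachineKey {
    param([byte[]]$MasterKey, [string]$ComputerName)
    [byte[]]$key = Get-HmacSha256 -Key $MasterKey -Message ('machine|' + $ComputerName.ToUpperInvariant())
    return ,$key
}

# Password for one machine on one UTC date. Both sides must format the date identically.
function Get-DailyPassword {
    param([byte[]]$MachineKey, [datetime]$Date, [ValidateRange(8, 32)][int]$Length = 16)
    $day = $Date.ToString('yyyy-MM-dd', [cultureinfo]::InvariantCulture)
    [byte[]]$mac = Get-HmacSha256 -Key $MachineKey -Message ('day|' + $day)
    # Look-alike characters (I, O, l, 0, 1) are left out so it can be read over the phone.
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789'
    $all = -join $classes
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        # First three positions force one character per class so the result
        # always has upper, lower and digit; the modulo adds a slight bias.
        $set = if ($i -lt 3) { $classes[$i] } else { $all }
        $set[$mac[$i] % $set.Length]
    }
    return -join $chars
}

# Constructed sample values, for illustration only.
[byte[]]$master = 1..32    # stand-in for a random 32-byte master key kept off endpoints
$today = [datetime]::UtcNow.Date
[byte[]]$pcKey = Get-MachineKey -MasterKey $master -ComputerName 'PC-EXAMPLE-01'
$onEndpoint = Get-DailyPassword -MachineKey $pcKey -Date $today
# Helpdesk side: recompute from the master key and the machine name.
[byte[]]$hdKey = Get-MachineKey -MasterKey $master -ComputerName 'pc-example-01'
$atHelpdesk = Get-DailyPassword -MachineKey $hdKey -Date $today
"Endpoint and helpdesk agree: $($onEndpoint -ceq $atHelpdesk)"
```

With this layout no password is stored in a script or package; the endpoint holds only its own machine key, so a compromised machine does not reveal the passwords of the others.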

