Just be aware of this. http://support.microsoft.com/kb/2962486
From: Gary Ossewaarde [mailto:[email protected]] Sent: 18 June 2014 19:32 To: [email protected] Subject: [mssms] Create Local User on all Domain Computers Due to an out-of-town user not being able to access his account (something strange happened with the cached creds), I've been asked to create a local (non-admin) account on all domain-joined machines so in such cases, helpdesk can provide this local account username/password and they can login, setup VPN, and switch user. I can easily do this with a batch file (net user) but have the added requirement the password does not appear in plaintext on the system (e.g., in the ccmcache). Any good ways of doing this? Additionally, is it a best practice to disable and randomize the Administrator account's password (as possible in OSD) and have a separate local admin, named differently? What are other people doing? Thanks, Gary _____________________________________________________________________ This email has been scanned by the MessageLabs Email Security System on behalf of Leeds College of Building. For more information please visit http://www.symanteccloud.com _____________________________________________________________________ _____________________________________________________________________ This email has been scanned by the MessageLabs Email Security System on behalf of Leeds College of Building. For more information please visit http://www.symanteccloud.com _____________________________________________________________________
