Good suggestion. Questions: 1. If you need to log on locally and the domain is unavailable (it happens), how do you log in? 2. Isn't it best practice to disable the builtin admin account and use a new local admin account with a different name?
IIRC #2 was suggested practice years ago (I can't remember from where). Dave From: ed ziots [mailto:[email protected]] Sent: Wednesday, January 04, 2012 1:37 PM To: NT System Admin Issues Subject: RE: GPO reset of local non-builtin accounts You can use cusrmgr.exe from the Windows 2000 Resource kit tools to script out the GPO changes. Better yet, as mentioned earlier it would be best to control who is in your local administrators to domain based accounts that are added by GPO/GPP and remove any others from those privileged groups. HTH, Sincerely, EZ Edward E. Ziots Senior Informational Security Engineer CISSP,Security +,Network+ > From: [email protected]<mailto:[email protected]> > To: > [email protected]<mailto:[email protected]> > Date: Wed, 4 Jan 2012 13:39:08 -0500 > Subject: RE: GPO reset of local non-builtin accounts > > Then convert it to an exe or encrypt it to help keep prying eyes out of it. > > http://www.abyssmedia.com/quickbfc/ > > > -----Original Message----- > From: Matthew W. Ross > [mailto:[email protected]]<mailto:[mailto:[email protected]]> > Sent: Wednesday, January 04, 2012 1:37 PM > To: NT System Admin Issues > Subject: RE: GPO reset of local non-builtin accounts > > Try: > > net user localuser n3wP@ssw0rd > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: David Lum > [mailto:[email protected]]<mailto:[mailto:[email protected]]> > To: NT System Admin Issues > [mailto:[email protected]]<mailto:[mailto:[email protected]]> > Sent: Wed, 04 Jan 2012 > 10:27:38 -0800 > Subject: RE: GPO reset of local non-builtin accounts > > > > Ohh..do tell - have a script handy that I can modify? > > > > From: Michael B. Smith > > [mailto:[email protected]]<mailto:[mailto:[email protected]]> > > Sent: Wednesday, January 04, 2012 10:21 AM > > To: NT System Admin Issues > > Subject: RE: GPO reset of local non-builtin accounts > > > > Startup/boot script? > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com > > > > From: David Lum > > [mailto:[email protected]]<mailto:[mailto:[email protected]]><mailto:[mailto:[email protected]]> > > Sent: Wednesday, January 04, 2012 1:14 PM > > To: NT System Admin Issues > > Subject: GPO reset of local non-builtin accounts > > > > Is there a way to GPO a password change of added-in local machine > > accounts if the account is the same across all systems? I can do it > > easily enough with the BuiltIn ones, but see no GPO way to do added ones. > > David Lum > > Systems Engineer // NWEATM > > Office 503.548.5229 // Cell (voice/text) 503.267.9764 > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]> > > software.com> > > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]> > > software.com> > > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > [email protected]<mailto:[email protected]> > > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
