![]() You can type something in there twice, does not mean it's the right password for the right use. Yeah, but if you go down that rabbit hole, that password is still not validated. There's no validation you typed what you think you typed. If it is, disable all other local users (including built-in Administrator) Create startup script that checks whether this new account is created. During creation you can create new local administratorĢ. ![]() What this means you could create both policies at the same time without worrying about any clashes / errors.ġ. Good thing is that LAPS can find built in Administrator account by SID so even if your GPO has not renamed administrator account it would still reset password and not fail. Not sure if it could do renaming though, but there is GPO that renames accounts. ![]() ![]() There is LAPS GUI tool, but I prefer to just use PS. Password is stored in computer object in AD (clear text, but in attribute that by default only domain admins can read). It assigns random password to 1 local user of your choice and it's super easy to set up. Another option would be to look into LAPS - it kind of does what you are looking for and alot more.Īgree to go with LAPS. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |