|
Focus on Microsoft
Re: disclosure the administrative password Feb 02 2005 07:16AM Boris Skoblo (borsk techunix technion ac il) (1 replies) Re: disclosure the administrative password Feb 02 2005 04:55PM d.pigna (at) email (dot) it [email concealed] (d pigna email it) (1 replies) Re: disclosure the administrative password Feb 08 2005 05:46AM Mike Groh (lists mikegroh net) (3 replies) Re: disclosure the administrative password Feb 08 2005 09:44PM James Eaton-Lee (james mailing gmail com) |
|
 Privacy Statement |
> The workstation admin idea sounds good to me. I want to do it in my
> network. Is there a way to easily push this policy to the workstations.
You can use startup script (Computer configuration - Windows settings - Scripts) to create user's account and add them into local administrators group.
For example
net user localadmin /add
net localgroup administrators localadmin /add
Because startup scripts executed under machine account it will have enough rights to create account and change group membership.
But you should not assign administrators password in the script because in this case password will be specified in clear text and any user can find and use it.
But you can use script to automatic assign passwords for created accounts from trusted workstation. See http://www.security.nnov.ru/articles/war/ for example of the script.
(c)oded by offtopic (at) mail (dot) ru [email concealed]
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]