Create the GPO:
On your Domain Controller, open Group Policy Management. Drill down to the domain where you want to create the policy and expand Group Policy Objects. Right Click in the active window and Select New. Let's call the GPO Local Admin PW. Click OK.
Edit the GPO:
You should see the newly created GPO in the active window. Right Click on it and Select Edit. In the Group Policy Management Editor, drill down to Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups. Right Click on Local Users and Groups and Select New > Local User.
For the Action, Select Update. In the User name: field, type Administrator. Type and Confirm the new password you want applied. Uncheck all but Account never expires and Click OK.
*Note - This is also a great way to get rid of any local accounts that are out there that are no longer needed. Under Action Select Delete, enter the account name then continue with the steps below.
Back on the Group Policy Management Editor you will see the new Administrator user element has been created in the Active Window. Go ahead and close this and go back to Group Policy Management.
Apply & Test the GPO:
Next we need to apply the GPO to the OU that has the computers which will receive it.
*Caution - You should test all GPOs in a lab environment or on a Test OU BEFORE applying them to the live production environment to ensure you will achieve the desired outcome.
In the navigation tree, simply drag the Local Admin PW GPO to the OU containing the computers you want it applied to. You will be prompted to link the GPO to the OU. Click OK.
The final step is to test the GPO. Log into a machine that is in the OU you applied the GPO to and open a command prompt. Run the following:
gpupdate /force
Log out of the computer and log back in as the Administrator using the new password.
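An added audit example (not from the original post): a Local User preference item like the one created above is written to Groups.xml in the GPO's SYSVOL folder, readable by domain users, with the password held in a cpassword attribute, which is the exposure Microsoft addressed in MS14-025. This PowerShell function lists every GPO that still carries one without printing the value; the function name Find-GppStoredPassword and the default SYSVOL path built from USERDNSDOMAIN are assumptions of this example.

```powershell
# Added example: find Local Users and Groups preference items that embed a password.
# Assumption: run from a domain-joined machine by an account that can read SYSVOL.
function Find-GppStoredPassword {
    param(
        # Root of the Policies folder; defaults to the current domain's SYSVOL share.
        [string]$PoliciesPath = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies"
    )

    # Local Users and Groups preference items are stored in Groups.xml under each GPO.
    Get-ChildItem -Path $PoliciesPath -Recurse -File -Filter 'Groups.xml' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        try {
            [xml]$doc = Get-Content -LiteralPath $file.FullName -Raw
        } catch {
            Write-Warning "Could not parse $($file.FullName)"
            return
        }

        # The GPO GUID is the {…} folder name in the path under Policies.
        $guid = if ($file.FullName -match '\{[0-9A-Fa-f\-]{36}\}') { $Matches[0] } else { $null }

        # Report any element with a non-empty cpassword attribute (the value itself is not output).
        foreach ($node in $doc.SelectNodes('//*[@cpassword and string-length(@cpassword) > 0]')) {
            [pscustomobject]@{
                GpoGuid = $guid
                File    = $file.FullName
                Item    = $node.ParentNode.LocalName               # "User" for a Local User item
                Account = $node.GetAttribute('userName')           # account the item targets
                Action  = $node.GetAttribute('action')             # U = Update, as selected above
                Changed = $node.ParentNode.GetAttribute('changed') # when the item was last edited
            }
        }
    }
}

# List affected GPOs; an empty result means no stored passwords were found in Groups.xml.
Find-GppStoredPassword | Format-Table -AutoSize
```

Any row returned means the password in that GPO should be treated as exposed: remove the preference item and change that local account's password on the machines that received it.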
More to come!