Change Local Admin Pwd?
-
@manxam said in Change Local Admin Pwd?:
@siringo said in Change Local Admin Pwd?:
I was hoping for something a little less laborious.
Most RMMs have the ability to run a command without logging into the GUI. I haven't used TV but just assumed that it would offer this as well. I could be wrong...
AFAIK it doesn't, but it might. ScreenConnect, MeshCentral, Salt, etc. all do.
-
That's one of the most important features of tools like that. We use it as much as the remote screen access.
-
@scottalanmiller said in Change Local Admin Pwd?:
That's one of the most important features of tools like that. We use it as much as the remote screen access.
Agreed!
-
SaltStack, best CM with Windows support
-
@Emad-R said in Change Local Admin Pwd?:
SaltStack, best CM with Windows support
Just spent 6 seconds looking at the web site, looks too complex for my needs. Too many big scary buzzwords.
-
@siringo said in Change Local Admin Pwd?:
@Emad-R said in Change Local Admin Pwd?:
SaltStack, best CM with Windows support
Just spent 6 seconds looking at the web site, looks too complex for my needs. Too many big scary buzzwords.
https://www.mangolassi.it/topic/19681/creating-a-salt-master-on-fedora-30
-
@siringo said in Change Local Admin Pwd?:
@Emad-R said in Change Local Admin Pwd?:
SaltStack, best CM with Windows support
Just spent 6 seconds looking at the web site, looks too complex for my needs. Too many big scary buzzwords.
SS can do a lot. It can also be a simple way to run remote commands.
-
Can you use the netuser command via bat file, deployed using group policy startup script?
-
@wrx7m said in Change Local Admin Pwd?:
Can you use the netuser command via bat file, deployed using group policy startup script?
That looks familiar.
-
I felt the same at SS, but do you want to always look for tools, or do you want one tool that can do everything? Think about that, and listen to this while you do
-
@siringo said in Change Local Admin Pwd?:
@Emad-R said in Change Local Admin Pwd?:
SaltStack, best CM with Windows support
Just spent 6 seconds looking at the web site, looks too complex for my needs. Too many big scary buzzwords.
After you have installed and configured the initial setup for the salt-master and salt-minion, it's somewhat pretty straightforward.
Create your adminuserpass.ps1 file in /srv/salt/ with something like this within the file:

```powershell
# Plaintext password for the local account (stored in the script as written)
$AdminPlainPass = "Whos-Your-Daddy1"
# Convert it to the SecureString that Set-LocalUser requires
$AdminSecurePass = $AdminPlainPass | ConvertTo-SecureString -AsPlainText -Force
# Set the password on the local account 'adminuser'
Set-LocalUser -Name 'adminuser' -Password $AdminSecurePass
```

Create your adminuserpass.sls file in /srv/salt/ with something like this within the file:

```yaml
adminuserpass:
  cmd.script:
    - source: salt://adminuserpass.ps1
    - shell: powershell
    - env:
      - ExecutionPolicy: "bypass"
```

Run the salt command with something like this:

```
salt 'saltminion-host' state.apply adminuserpass
```
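A check that could be run over the scripts in /srv/salt/ before they are published, added here as an example and not part of the original post: it flags PowerShell text in which a quoted literal reaches `ConvertTo-SecureString -AsPlainText`, which matters because files under the master's file_roots are served to any accepted minion that asks for them. The function name and the three sample scripts are constructed for illustration.

```python
import re

# A quoted string assigned to a variable, e.g.  $Var = "literal"
ASSIGN_LITERAL = re.compile(r"""(\$\w+)\s*=\s*(["'])(?:(?!\2).)+\2""")
# A ConvertTo-SecureString call that takes plaintext input
TO_SECURE = re.compile(r"ConvertTo-SecureString\b[^\n|;]*-AsPlainText", re.I)
QUOTED = re.compile(r"""(["'])(?:(?!\1).)+\1""")
VARIABLE = re.compile(r"\$\w+")


def find_plaintext_secrets(script):
    """Return [(line_no, source)] for each literal that reaches
    ConvertTo-SecureString -AsPlainText. The literal itself is never returned."""
    literal_vars = {}  # lower-cased variable name -> line where it got a literal
    findings = []
    for line_no, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        assigned = ASSIGN_LITERAL.search(line)
        if assigned:
            literal_vars[assigned.group(1).lower()] = line_no
        if not TO_SECURE.search(line):
            continue
        if QUOTED.search(line):
            findings.append((line_no, "<inline literal>"))
        for name in VARIABLE.findall(line):
            if name.lower() in literal_vars:
                # Report where the literal was assigned, not where it was used
                findings.append((literal_vars[name.lower()], name))
    return findings


# Constructed samples: same shape as the script above, with a placeholder password
HARDCODED = '''$AdminPlainPass = "Example-Password-1"
$AdminSecurePass = $AdminPlainPass | ConvertTo-SecureString -AsPlainText -Force
Set-LocalUser -Name 'adminuser' -Password $AdminSecurePass
'''
# Constructed: password arrives as a SecureString parameter, nothing stored in the file
PARAMETERISED = '''param([Parameter(Mandatory)][securestring]$NewPassword)
Set-LocalUser -Name 'adminuser' -Password $NewPassword
'''
# Constructed: literal passed straight to the cmdlet
INLINE = "ConvertTo-SecureString 'Example-Password-2' -AsPlainText -Force\n"

if __name__ == "__main__":
    for label, text in (("hardcoded", HARDCODED),
                        ("parameterised", PARAMETERISED),
                        ("inline", INLINE)):
        print(label, find_plaintext_secrets(text))
```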
-
Hey thanks for all the help everyone, it is greatly appreciated.
I've decided to go with LAPS as this is part of an overall 'let's tighten up security' project I've got going and my thoughts were, you can't go wrong if you go with the Vendor's recommendation.
I'm distributing the LAPS client software via Startup GPO which is working well ATM. Half way through the setup, but have stopped coz the weekend started.
I'll take a look at Salt as I need to broaden my horizons.
Thanks again folks.
-
@siringo said in Change Local Admin Pwd?:
Hey thanks for all the help everyone, it is greatly appreciated.
I've decided to go with LAPS as this is part of an overall 'let's tighten up security' project I've got going and my thoughts were, you can't go wrong if you go with the Vendor's recommendation.
I'm distributing the LAPS client software via Startup GPO which is working well ATM. Half way through the setup, but have stopped coz the weekend started.
I'll take a look at Salt as I need to broaden my horizons.
Thanks again folks.
Fyi, to deploy to clients you just need to copy the dll and register it with regsvr32. But good thing you're not trying to deploy it with GP's software installation features.
-
@flaxking said in Change Local Admin Pwd?:
Fyi, to deploy to clients you just need to copy the dll and register it with regsvr32. But good thing you're not trying to deploy it with GP's software installation features.
What's wrong with using GP software deployment for LAPS? This has always been my method using their msi and I've never experienced an issue.
-
@manxam said in Change Local Admin Pwd?:
@flaxking said in Change Local Admin Pwd?:
Fyi, to deploy to clients you just need to copy the dll and register it with regsvr32. But good thing you're not trying to deploy it with GP's software installation features.
What's wrong with using GP software deployment for LAPS? This has always been my method using their msi and I've never experienced an issue.
I've just had a lot of issues with the GP's built-in Software Installation feature, and I've heard the same from other techs. What I've seen is installations getting stuck and thus locking people out of their computer, and also it installing again even when the software was successfully installed.
I would imagine the LAPS msi should be so small it wouldn't give many issues, but IMO GP's software installation feature should be left untouched.
-
@flaxking said in Change Local Admin Pwd?:
@siringo said in Change Local Admin Pwd?:
Hey thanks for all the help everyone, it is greatly appreciated.
I've decided to go with LAPS as this is part of an overall 'let's tighten up security' project I've got going and my thoughts were, you can't go wrong if you go with the Vendor's recommendation.
I'm distributing the LAPS client software via Startup GPO which is working well ATM. Half way through the setup, but have stopped coz the weekend started.
I'll take a look at Salt as I need to broaden my horizons.
Thanks again folks.
Fyi, to deploy to clients you just need to copy the dll and register it with regsvr32. But good thing you're not trying to deploy it with GP's software installation features.
I get around these problems by using Startup & Shutdown scripts. I create a simple bat file that copies the required files to the local %systemroot%, then I install whatever it is that needs installing. This seems to work well for me.