Change Local Admin Pwd?
-
@siringo said in Change Local Admin Pwd?:
I ran that on one of the remote PCs and yes it did prompt for a password. Was that what you were after?
Did you give it the password? Did it correctly respond with the os?
-
@manxam said in Change Local Admin Pwd?:
@siringo : If you have teamviewer, why not run this from the command line backend?
net user adminUserName password
You only have approximately 20 computers so it shouldn't take more than a few minutes.
If you have to create a new admin account :
net user adminUserName password /add net localgroup adaministrators adminUserName /add
This will do it.
-
@manxam said in Change Local Admin Pwd?:
@siringo : If you have teamviewer, why not run this from the command line backend?
net user adminUserName password
You only have approximately 20 computers so it shouldn't take more than a few minutes.
If you have to create a new admin account :
net user adminUserName password /add net localgroup adaministrators adminUserName /add
Sorry, what's the command line backend? I'm running TV v10. AFAIK I have to log into each PC, run CMD type in the command and log off.
I was hoping for something a little less laborious.
-
@siringo said in Change Local Admin Pwd?:
Sorry, what's the command line backend?
If you are more familiar with GPO, set a STARTUP script (Not a logon script) (startup and shutdown scripts run with system privileges) to run those two commands: net user and net localgroup, then reboot (or wait for reboot) the PC.
-
Thanks for the help fellas, I'll throw some brain power behind it and see what I end up with.
-
@siringo said in Change Local Admin Pwd?:
I was hoping for something a little less laborious.
Most RMMs have the ability to run a command without logging into the GUI. I haven't used TV but just assumed that it would offer this as well. I could be wrong...
-
@manxam said in Change Local Admin Pwd?:
@siringo said in Change Local Admin Pwd?:
I was hoping for something a little less laborious.
Most RMMs have the ability to run a command without logging into the GUI. I haven't used TV but just assumed that it would offer this as well. I could be wrong...
AFAIK it doesn't, but it might. ScreenConnect, MeshCentral, Salt, etc. all do.
-
That's one of the most important features of tools like that. We use it as much as the remote screen access.
-
@scottalanmiller said in Change Local Admin Pwd?:
That's one of the most important features of tools like that. We use it as much as the remote screen access.
Agreed!
-
saltstack, best CM with windows support
-
@Emad-R said in Change Local Admin Pwd?:
saltstack, best CM with windows support
just spent 6 seconds looking at the web site, looks too complex for my needs. Too many big scarey buzzwords.
-
@siringo said in Change Local Admin Pwd?:
@Emad-R said in Change Local Admin Pwd?:
saltstack, best CM with windows support
just spent 6 seconds looking at the web site, looks too complex for my needs. Too many big scarey buzzwords.
https://www.mangolassi.it/topic/19681/creating-a-salt-master-on-fedora-30
-
@siringo said in Change Local Admin Pwd?:
@Emad-R said in Change Local Admin Pwd?:
saltstack, best CM with windows support
just spent 6 seconds looking at the web site, looks too complex for my needs. Too many big scarey buzzwords.
SS can do a lot. It can also be a simple way to run remote commands
-
Can you use the netuser command via bat file, deployed using group policy startup script?
-
@wrx7m said in Change Local Admin Pwd?:
Can you use the netuser command via bat file, deployed using group policy startup script?
That looks familiar.
-
I felt the same at SS, but do you want to always look for tools or do you want one tool that can do everything, think about that and listen to this while you do
-
@siringo said in Change Local Admin Pwd?:
@Emad-R said in Change Local Admin Pwd?:
saltstack, best CM with windows support
just spent 6 seconds looking at the web site, looks too complex for my needs. Too many big scarey buzzwords.
After you have installed and configured the initial setup for the salt-master and salt-minion its somewhat pretty straight forward.
Create your adminuserpass.ps1 file in /srv/salt/ with something like this within the file
$AdminPlainPass = "Whos-Your-Daddy1" $AdminSecurePass = $AdminPlainPass | ConvertTo-SecureString -AsPlainText -Force Set-LocalUser -Name 'adminuser' -Password $AdminSecurePass
Create your adminuserpass.sls file in /srv/salt/ with something like this within the file
adminuserpass: cmd.script: - source: salt://adminuserpass.ps1 - shell: powershell - env: - ExecutionPolicy: "bypass"
Run the salt command with something like this.
salt 'saltminion-host' state.apply adminuserpass
-
Hey thanks for all the help everyone, it is greatly appreciated.
I've decided to go with LAPS as this is part of an overall 'let's tighten up security' project I've got going and my thoughts were, you can't go wrong if you go with the Vendor's recommendation.
I'm distributing the LAPS client software via Startup GPO which is working well ATM. Half way through the setup, but have stopped coz the weekend started.
I'll take a look at Salt as I need to broaden my horizons.
Thanks again folks.
-
@siringo said in Change Local Admin Pwd?:
Hey thanks for all the help everyone, it is greatly appreciated.
I've decided to go with LAPS as this is part of an overall 'let's tighten up security' project I've got going and my thoughts were, you can't go wrong if you go with the Vendor's recommendation.
I'm distributing the LAPS client software via Startup GPO which is working well ATM. Half way through the setup, but have stopped coz the weekend started.
I'll take a look at Salt as I need to broaden my horizons.
Thanks again folks.
Fyi, to deploy to clients you just need to copy the dll and register it with regsvr32. But good thing you're not trying to deploy it with GP's software installation features.
-
@flaxking said in Change Local Admin Pwd?:
Fyi, to deploy to clients you just need to copy the dll and register it with regsvr32. But good thing you're not trying to deploy it with GP's software installation features.
What's wrong with using GP software deployment for LAPS? This has always been my method using their msi and I've never experienced an issue.