How to Change a Local Administrator Password with Group Policy

 

We will use Group Policy Preferences to set the password on a local user account.

  • Click Start – All Programs – Administrative Tools – Group Policy Management.
  • Create or edit a Group Policy Object.
  • Expand Computer Configuration – Preferences – Control Panel Settings.
  • Right-click Local Users and Groups – New – Local User.
  • Ensure the Action is Update and enter the new password.
  • If this is a one-time change (not permanent):
    • Go to the Common tab and check the box for "Apply once and do not reapply".
  • If the change should be permanent: The defaults are correct.

Here is an image of what the policy should look like before applying it:

http://mabdelhamid.files.wordpress.com/2011/09/pic-11.jpg?w=300&h=261

Note: By default, all Group Policy updates are applied on a 90-minute timer. To apply the update instantly, run gpupdate /force on the machine to be affected.

If you want to change this 90-minute policy refresh time for all machines:

  • Expand Computer Configuration – Administrative Templates – System – Group Policy.
  • Enable "Group Policy refresh interval for computers" and set any time you want (recommended: 5 – 10 min).

http://mabdelhamid.files.wordpress.com/2011/09/pic-2.jpg?w=300&h=168

       

Note: A Common Vulnerabilities and Exposures number, CVE-2014-1812, has been released for this feature.

With that in mind, Microsoft has released a fix to PREVENT the use of passwords within Group Policy Preferences.

https://technet.microsoft.com/library/security/ms14-025                   
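A check that follows from the note above, as an added PowerShell example (not part of the original article and not Microsoft's own script): it walks a policy folder tree and reports every Group Policy Preferences XML file that still carries a stored password, without printing the value. It assumes the password is saved as a non-empty `cpassword` attribute; the function name, sample folder, GUID and XML content are constructed for illustration.

```powershell
# Added example: find Group Policy Preferences XML that still stores a password.
# Assumption: a stored password appears as a non-empty "cpassword" attribute.
function Find-GppStoredPassword {
    param([Parameter(Mandatory = $true)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -Filter *.xml -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try {
                $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw)
            } catch {
                Write-Warning "Skipping unparsable file $($file.FullName)"
                return   # continue with the next file
            }
            # The GPO GUID is the {GUID} folder name in the file path.
            $gpo = if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] } else { '' }
            foreach ($node in $xml.SelectNodes('//*[string-length(@cpassword) > 0]')) {
                $item = $node.ParentNode   # element that wraps <Properties>
                [pscustomobject]@{
                    GpoGuid = $gpo
                    File    = $file.FullName
                    Item    = $item.LocalName
                    Name    = if ($item -is [System.Xml.XmlElement]) { $item.GetAttribute('name') } else { '' }
                }   # the cpassword value itself is deliberately not output
            }
        }
}

# Constructed sample tree so the function can be tried offline.
$root   = Join-Path ([System.IO.Path]::GetTempPath()) 'gpp-audit-sample'
$gpoDir = Join-Path $root 'Policies\{11111111-2222-3333-4444-555555555555}\Machine\Preferences\Groups'
New-Item -ItemType Directory -Path $gpoDir -Force | Out-Null
@'
<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="Administrator (built-in)" changed="2011-09-12 10:00:00">
    <Properties action="U" userName="Administrator (built-in)" cpassword="CONSTRUCTED-PLACEHOLDER" />
  </User>
</Groups>
'@ | Set-Content -LiteralPath (Join-Path $gpoDir 'Groups.xml') -Encoding UTF8

Find-GppStoredPassword -Path $root | Format-List
# Against a domain, pass the SYSVOL Policies share instead, for example
# \\<your-domain>\SYSVOL\<your-domain>\Policies (placeholder names).
```

Any GPO the function reports should have the stored password removed from the preference item and the affected account's password changed by another method.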

This article was originally posted at http://mabdelhamid.wordpress.com/2011/09/12/how-to-change-local-administrator-password-with-group-policy/