How to Change a Local Administrator Password with Group Policy
We will use Group Policy Preferences to set the password on a local user account.
- Click Start – All Programs – Administrative Tools – Group Policy Management.
- Create or edit a Group Policy Object.
- Expand Computer Configuration – Preferences – Control Panel Settings.
- Right-click Local Users and Groups – New – Local User.
- Ensure the Action is Update and enter the new password.
- If this is a one-time change (not permanent):
  - Go to the Common tab and check the box for "Apply once and do not reapply".
- If the change should be permanent: the defaults are correct.
Here is an image of what the policy should look like before applying it:
http://mabdelhamid.files.wordpress.com/2011/09/pic-11.jpg?w=300&h=261
Note: By default, all Group Policy updates are applied on a 90-minute timer. To apply the update instantly, run gpupdate /force on the machine to be affected.
If you want to change this 90-minute policy refresh time for all machines:
- Expand Computer Configuration – Administrative Templates – System – Group Policy.
- Enable Group Policy refresh interval for computers and set any time you want (recommended: 5 – 10 min).
http://mabdelhamid.files.wordpress.com/2011/09/pic-2.jpg?w=300&h=168
Note: A Common Vulnerabilities and Exposures number, CVE-2014-1812, has been released for this feature.
With that in mind, Microsoft has released a fix to prevent the use of passwords within Group Policy Preferences.
https://technet.microsoft.com/library/security/ms14-025
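An audit for the issue behind the CVE note above, as an added example that is not part of the original article: Group Policy Preferences saves the password entered in the steps above as a cpassword attribute in an XML file inside the GPO's folder in SYSVOL, and installing the MS14-025 update does not remove values that were already stored. The function name Find-GppStoredPassword and the sample folder, GUID and attribute values are constructed for illustration.

```powershell
# Added example, not from the original article: list GPP XML files under a
# Policies tree that still hold a stored password (cpassword attribute).
function Find-GppStoredPassword {   # hypothetical name
    param(
        [Parameter(Mandatory)]
        [string]$PoliciesPath   # e.g. \\<domain>\SYSVOL\<domain>\Policies
    )
    Get-ChildItem -Path $PoliciesPath -Recurse -Filter *.xml -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try { $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop) }
            catch { return }   # unreadable or not well-formed XML: skip this file
            # A non-empty cpassword attribute means a password is stored in the file.
            foreach ($node in $xml.SelectNodes('//*[@cpassword and string-length(@cpassword) > 0]')) {
                $item = $node.ParentNode   # e.g. the <User> element around <Properties>
                [pscustomobject]@{
                    GpoGuid = if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] } else { $null }
                    File    = $file.FullName
                    Item    = $item.GetAttribute('name')
                    Account = $node.GetAttribute('userName')
                    Changed = $item.GetAttribute('changed')
                }   # the cpassword value itself is deliberately not output
            }
        }
}

# Constructed sample: a fake policy folder holding one Groups.xml with placeholder values.
$root = Join-Path ([IO.Path]::GetTempPath()) 'gpp-audit-demo'
$dir  = Join-Path $root '{11111111-2222-3333-4444-555555555555}\Machine\Preferences\Groups'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@'
<Groups>
  <User name="Administrator (built-in)" changed="2011-09-12 10:00:00">
    <Properties action="U" cpassword="PLACEHOLDER-NOT-A-REAL-VALUE" userName="Administrator (built-in)"/>
  </User>
</Groups>
'@ | Set-Content -LiteralPath (Join-Path $dir 'Groups.xml')

# Against a real domain, pass the domain's SYSVOL Policies share instead of $root.
Find-GppStoredPassword -PoliciesPath $root | Format-List
```

For each GPO reported, remove the preference item that carries the password and change the password of the affected account.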
This article was originally posted at http://mabdelhamid.wordpress.com/2011/09/12/how-to-change-local-administrator-password-with-group-policy/