Renaming administrator account 1

secutanudu

IS-IT--Management
Oct 6, 2004
138
US
We are not currently in a domain, all users log into their machines locally.

We want to rename the administrator account, as well as create a second administrator account (and set the password).

We also want to enforce password policies for all local accounts.

I know this can be done via group policy, but is there any way to script or batch it so we do not have to go to every machine (~400) manually? Can we make these changes in the registry directly or somehow script local group policy changes?

Thanks,
Andrew
 
Add a new user and make them a member of Group Administrators:

net user <username> <password> /add /active:yes
Example:
net user secutanudu tektips /add /active:yes
Reference:

Now make them members of the Administrator Group:

net localgroup <local group> <local account> /<ADD>
Example:
net localgroup administrators secutanudu /ADD
Reference:
net localgroup /?

In the alternative, you could use addusers.exe:
Reference:
Download:
Followed by the Add Users to Group utility:
Reference:
Download:
Finally, renaming the default Administrator account is slightly more complicated. You would use the utility cusrmgr.exe:

Reference:
Download:

Something else that might help:
PSExec:
 
Excellent - just successfully added an admin and added it to the group - I gotta try renaming the administrator account. I guess if it is very complicated we can just do it manually with group policy.

One more thing - is it possible to change password complexity/length requirements without manually going into group policy? Is that a reg setting somewhere?
 
It is complicated because you cannot use the CSV list features of the middle set of tools.

Passprop.exe
Reference:
PASSPROP [/complex] [/simple] [/adminlockout] [/noadminlockout]

/complex - Forces you to enter passwords that are complex (i.e., requiring passwords to be a mix of upper- and lowercase letters and numbers or symbols)
/simple - Lets you enter simple passwords
/adminlockout - Lets you lock out the Administrator account (the Administrator account can still log on interactively on domain controllers)
/noadminlockout - Doesn't let you lock out the Administrator account

"So why would you want to lock out the Administrator account? The main reason is to restrict hackers from using Administrator account backdoors to break into your NT system. If you lock out the Administrator account, you can use it only to log on interactively on domain controllers--network logons and logons to non-domain controllers will fail."



Download:
 
bcastner: that works great (passprop.exe) but is there a way to set password length requirements as well as complexity?
 
What is passprop.exe doing? Does it modify the registry? I noticed that group policy is unchanged after running passprop.

Do you know if there is a way to simply script local group policy changes (similar to importing a .reg file) instead of doing it by hand?
 
Purchase a Windows Server product and create a Domain?

Some things you can try in a stand-alone/Workgroup setting.

. You can use Secedit.exe to export a modified set of local policy templates, and import them elsewhere;

. You can in many cases write your own ADM files, if the local security policy is registry based and not ACL or ACE based.

. Doug Knox, MVP has a useful utility, and the modest paid version will operate on remote machines to duplicate settings. It may not encompass all of the policy objects you want to change, but it is very useful:
. You can copy the secpol.pol file. While this KB article is not directly on your point, it shows how to do at least that step:
. See EE member "midglio"'s comments on replicating local security policy in a Workgroup:
 
Thanks - we actually do have win2000 server, we plan to upgrade the network to Active directory at some point over the next few months. We're getting this security stuff thrown on us and we need to do it ASAP....thanks for the help.
 
Bill - I've been looking at the help for secedit /export - it's thoroughly confused me. Is there a way to export a specific set of policy items to import elsewhere?
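
Added example, not part of any post in this thread: one way to carry the three settings discussed above (renamed Administrator account, password complexity, minimum password length) in a hand-trimmed security template and apply it with secedit on a stand-alone machine. The account name wsadmin, the length of 8 and the file paths are assumed values chosen for illustration.

```batch
@echo off
rem Added example, not from the thread. Run as a local administrator.
rem Assumed values: NEWADMIN, the minimum length of 8, and every file path.
setlocal
set "NEWADMIN=wsadmin"
set "TEMPLATE=%TEMP%\local-baseline.inf"
set "SDB=%TEMP%\local-baseline.sdb"
set "LOG=%TEMP%\local-baseline.log"

rem Export the current account/password policy first, so the change can be
rem reviewed against it or rolled back by re-applying this file.
secedit /export /cfg "%TEMP%\before-baseline.inf" /areas SECURITYPOLICY

rem Write a template that holds only the settings to change. A template does
rem not need every key that a full export contains; keys left out are untouched.
> "%TEMPLATE%" (
  echo [Unicode]
  echo Unicode=yes
  echo [Version]
  echo signature="$CHICAGO$"
  echo Revision=1
  echo [System Access]
  echo MinimumPasswordLength = 8
  echo PasswordComplexity = 1
  echo NewAdministratorName = "%NEWADMIN%"
)

rem Import the template into a scratch database and apply only the
rem SECURITYPOLICY area (account policy, audit policy, security options).
secedit /configure /db "%SDB%" /cfg "%TEMPLATE%" /areas SECURITYPOLICY /log "%LOG%"
if errorlevel 1 (
  echo secedit reported a warning or an error, see %LOG%
  exit /b 1
)

rem Show the effective password policy so the result can be checked.
net accounts
endlocal
```

The template file is the portable part: it can be copied to each workstation and applied with the same secedit /configure line. Keep the exported before-baseline.inf until the renamed account has been tested for logon.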
 