GPO - How to create local Administrator account using Group policies

If you want every PC and server in the same OU to automatically get a new local Administrator account with a specified password, you can do that by creating a dedicated GPO.

I already tested this procedure in the past and it worked fine (with centralized management):


  1. Launch the Group Policy Management console --> "create a GPO...." --> Group Policy Editor
  2. Navigate to Computer Configuration\Preferences\Control Panel Settings\Local Users and Groups
  3. Right-click in the blank area and select New --> Local User
  4. Action --> Update
  5. User name --> testadmuser
  6. Configure the other settings as needed.
  7. Enter the testadmuser password
  8. You can repeat the previous procedure for the built-in Administrator account.

If you like, you can review this article too:

http://www.dannyeckes.com/create-local-admin-group-policy-gpo/

I would like to highlight this article, which clearly explains how to decrypt the stored AD password for the local administrator account using the preceding GPO and how to enforce security with Microsoft Premier support.

https://blogs.technet.microsoft.com/askpfeplat/2014/05/18/how-to-automate-changing-the-local-administrator-password/

[update 2024.05.24]
In case you need to add an AD user to the Administrators group, follow these steps:

1. Launch the Group Policy Management console --> "create a GPO...." --> Group Policy Editor
2. Navigate to Computer Configuration\Preferences\Control Panel Settings\Local Users and Groups
3. Right-click in the blank area and select New --> Local Group
4. Action --> Update
5. Group name --> Administrators (built-in)
6. Configure the other settings as needed.
7. Members, Add --> Search for the Service Account in AD
8. Action --> Add to this group
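
Added example, not part of the original post: a PowerShell audit of what the two procedures above write to the `Groups.xml` preference file of a GPO. It reports Local User items that carry a stored password (the `cpassword` attribute, the stored value the post says can be decrypted) and accounts that a Local Group item adds to Administrators. The function name `Get-GppLocalAccountFinding`, the sample XML, its placeholder password and the `EXAMPLE\svc-account` name are constructed for illustration.

```powershell
# Added example: audit Group Policy Preferences "Local Users and Groups" items.
function Get-GppLocalAccountFinding {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -Filter 'Groups.xml' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            $doc  = [xml](Get-Content -LiteralPath $file -Raw)

            # Local User items: report any that carry a stored password.
            foreach ($p in $doc.SelectNodes('//User/Properties')) {
                if ($p.GetAttribute('cpassword')) {
                    [pscustomobject]@{
                        File    = $file
                        Finding = 'StoredPassword'
                        Account = $p.GetAttribute('userName')
                    }
                }
            }

            # Local Group items: report accounts added to built-in Administrators
            # (matched by well-known SID, or by group name when no SID was saved).
            $xpath = "//Group/Properties[@groupSid='S-1-5-32-544' or " +
                     "starts-with(@groupName,'Administrators')]/Members/Member[@action='ADD']"
            foreach ($m in $doc.SelectNodes($xpath)) {
                [pscustomobject]@{
                    File    = $file
                    Finding = 'AdministratorsMember'
                    Account = $m.GetAttribute('name')
                }
            }
        }
}

# Constructed sample mirroring the two procedures; the cpassword value is a placeholder.
$sample = @'
<Groups>
  <User name="testadmuser">
    <Properties action="U" userName="testadmuser" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </User>
  <Group name="Administrators (built-in)">
    <Properties action="U" groupName="Administrators (built-in)" groupSid="S-1-5-32-544">
      <Members><Member name="EXAMPLE\svc-account" action="ADD"/></Members>
    </Properties>
  </Group>
</Groups>
'@
$dir = Join-Path ([IO.Path]::GetTempPath()) 'gpp-audit-sample'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -LiteralPath (Join-Path $dir 'Groups.xml') -Value $sample

# To audit a domain, pass \\<domain>\SYSVOL\<domain>\Policies instead of $dir.
Get-GppLocalAccountFinding -Path $dir | Format-Table -AutoSize
```

Any `StoredPassword` row means the account's password should be rotated and the preference item removed from the GPO; `AdministratorsMember` rows give the list of accounts to review for least privilege.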