Use a Domain Policy + script to change the password of the client administrator Account
Before I wrote this post, I found a lot of information about this on the Internet. I can see that they all say the same thing, but it is hard to implement it when a newbie comes to get it. I am very grateful to my friends on the Internet for their help. I wrote this post to help new users who are new to AD achieve this function right away based on what I wrote. What's wrong, give more advice to netizens. People are relatively lazy. They only cut down two figures. After processing, there will be no more
Function: In the domain environment, use the admin. bat file as the boot script to change the password of the local administrator account on the client computer.
1. First, log on to the domain controller computer and create an admin. bat file. The content is saved by the net user administrator password. This file means to change the administrator password to password and put the admin. bat file on the desktop.
2. Create an organizational unit named "Change Password" on AD. On the domain controller, double-click the Active Directory user and computer, right-click your domain name-New-organization unit, and name it "Change Password ".
3. Move the computer that wants to change the password to the organizational unit that you just created. Double-click on the domain controller to open the Active Directory user and computer, left-click to expand the domain Directory, find the Computers container, and left-click it, then the right will list all the computer names in your domain. Left-click the computer you want to select, right-click the selected computer-move,
Select the organization unit to change the password, and click OK. In this way, the computer you selected is moved to the organizational unit of changing the password.
4. Create a script policy for starting the client computer. On the domain controller, double-click the Active Directory user and computer, left-click to expand the domain Directory, right-click to change the password of the Organization Unit-properties-group policy-new, and name the policy admin, left-click Edit-click windows Settings under computer configuration-click script (start/shut down)-double-click Start on the right-click Add-Click Browse to put the admin on the desktop. copy the bat file to the opened location. Select admin. bat and click "OK"> "OK"> "Close Group Policy Editor"> "OK. In this way, the script policy for starting the client computer has been set up.
5. Do not set any more on the domain controller computer, because the Domain Policy automatically takes effect for 15 minutes to 2 hours. I don't know, but you want the client computer to apply this policy immediately, restart the computer on the client computer. Sometimes the cause of network and server slow response, you can first refresh the policy, open the MS-DOS window on the client computer, the client operating system is Windows 2000, run Secedit/refreshpolicy machine_policy/enforce to restart the computer. If the client operating system is Windows XP, run gpupdate/force to restart the computer.
Note: this policy is for computers. When editing the policy at above, it must be under the computer configuration selected, rather than under the user configuration. The admin. bat file will be placed at the position displayed when you click browse. In the above 5th-point command, the Windows 2000 command has not been tried and is obtained from the Internet. At that time, the client computer of Windows 2000 was directly restarted, windows XP command is correct. I have tried it. If you are afraid of admin. the content of the bat file will be viewed by the user. You can delete all user settings in the C: WINDOWSSYSVOLsysvol Folder Share on the Domain controller computer, and then add the Domain computer, but I have never tried this. Online friends say it is okay. Digress: This script is very useful. You only need to change the admin. bat content to implement many different functions.