Windows 7 Thread, Local Administrator Lock Out Puzzle in Technical; Hey everyone,
Got a puzzler for you all.
It's more an annoyance than a problem because we have a way ...
3rd March 2011, 05:46 PM #1
- Rep Power
Local Administrator Lock Out Puzzle
Got a puzzler for you all.
It's more an annoyance than a problem because we have a way around it.
When we join a Windows 7 machine to the domain, the local Administrator Account gets locked out and the password blanked.
This means we have to go in as another user, go to user management and set the password for Administrator and then activate the account.
I have a big feeling it's a group policy setting, but I can see it anywhere.
We are using Server 2008 R2 and it is a 2008 Domain.
Any help would be great.
IDG Tech News
3rd March 2011, 05:47 PM #2
Sounds like it might be restricted groups!
3rd March 2011, 07:15 PM #3
As I understand it the local administrator account is disabled by default in Windows 7 installations unless there are no other administrator accounts, see here for more info: Enable and Disable the Built-in Administrator Account. As such, there's no one group policy you could change to stop it happening as the behavior is "by design".
One way around this however to save you modifying each installation manually, would be to use Group Policy Preferences to either enable the account ( see How to enable a disabled Local Administrator account offline in Windows 7 (even when using BitLocker) or for slightly more security create a local account with a different name and add it to the local admins group.
I've never had to use GPP myself as our Windows 7 estate is currently rather small, but the link above seems pretty thorough.
2 Thanks to michaelf:
elsiegee40 (7th March 2011), spider6986 (7th March 2011)
3rd March 2011, 07:53 PM #4
We don't get this when joining a Windows 7 machine to the domain. Did you choose the admin acct and password when the machine or image was originally built? It may be because that is the only administrator acct on the machine so ours gets left, much as stated by michaelf (or micha elf as I always read his name )
Thanks to witch from:
spider6986 (7th March 2011)
7th March 2011, 01:50 PM #5
- Rep Power
Thanks everyone. Sorry it's been a few days since I looked, this is more of a side project for me to look at.
We do setup another user when we create the image, however i think this is a Legacy reason that is done (I have not been here long) so I will try an install without the other user created and see if it still happends.
Because it is not a huge issue we will not worry about going though bitlocker to unlock it, but thank you for the information.
And finally we do setup the password before the image is created yes, we set everything up how we want it, then sysprep it, then create the image using PE and Imagex and then deploy the image.
7th March 2011, 02:39 PM #6
The two places I can think of to do this in Group Policy are:
Originally Posted by spider6986
- Computer Configuration > Policies > Windows Settings> Security Settings > Local Policies > Security Options; check the Accounts: Administrator account status setting
- Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups
If you've done an RSoP and those sections don't have anything incriminating, I think you can rule of Group Policy as a cause.
9th March 2011, 10:10 PM #7
IIRC Vista disabled the local administrator account too.
Interesting sidenote, not necessarily of use to everyone, but when deploying with SCCM using OSD - either your own image, or a vanilla one straight off a DVD - you can set the local admin password as part of the task sequence, and the account remains alive and kicking.
Quite useful for us - previously we'd create our own local admin account as part of the final setup after image deployment and this means we can now use the local administrator account directly - but as said, won't apply to everyone.
By jj99 in forum Windows Server 2000/2003
Last Post: 23rd December 2010, 10:43 PM
By Pashers in forum Windows
Last Post: 5th December 2008, 01:48 PM
By witch in forum Windows
Last Post: 28th June 2007, 05:32 PM
By Andie in forum Windows
Last Post: 11th February 2007, 10:14 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)