You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > 410: Scripts & Triggers Manager > Knowledge Base > 02: Tip and Tricks > 15: How to Set the Password for a Local Account using Scripts Manager
15: How to Set the Password for a Local Account using Scripts Manager
print icon

As of MS14-025 Microsoft has blocked the ability to configure local passwords using Group Policy Preferences.  However, you can still workaround this by using a PowerShell script within PolicyPak Scripts and Triggers Manager (PPScripts).

How this works is that you first define your own Security Key to use for encrypting the clear text password, (see $key below for example).

Create the password file:


Note: The PowerShell Script above was borrowed from: https://community.spiceworks.com/topic/584947-local-users-and-groups-group-policy-update)

IMPORTANT: The targeted endpoint must have rights to read the share and file used above (i.e., \\server\share\file.txt ).

Then use that Security Key to encrypt the clear text password that you enter on the screen, i.e., “Password!”

If using PowerShell ISE:
Enter the password in the window that appears when the script above is run.

If running PowerShell from CMD:

The resulting encrypted password is then stored at a secure location that is accessible from the endpoints (in this case a file on a secure network share (\\server\share\file.txt).

The next step is to create a computer side PowerShell policy in PolicyPak Scripts & Triggers.

Then at the “On Apply action” screen choose PowerShell script for the type of script from the dropdown, and then paste in the script below after editing it to reflect your Security Key, and the corresponding local username on the endpoints in your environment that you wish to update.


This script will read the file.txt from the secure network share and then use that information to update any local user account you have defined in your script.

In the example below we are setting the password for a local user called “EastSalesUser1”, see $user below).

REMINDER: The targeted endpoint must have rights to read the share and file used above (i.e., \\server\share\file.txt).

Lastly, apply the policy to any endpoints as needed and you are good to go.

Feedback
0 out of 0 found this helpful

scroll to top icon