无法使用 GP 设置本地管理员密码

Question 1

这对我来说非常有效：

wmic OS get Caption|find "2008"
if not ERRORLEVEL 1 goto W2008

我猜错误可能出在这个脚本的其他地方。可能需要进行一些故障排除。

不过整个脚本看起来乱糟糟的。我建议用 PowerShell 脚本来替代，并且可能使用适当的 WMI 过滤器。或者更好的是，启用以下 GPO：

Computer Configuration, Windows Settings, Security Options, Account: Administrator account status, Disabled

首先，本地管理员配置文件并不是一个好主意。

Answer

这对我来说非常有效：

wmic OS get Caption|find "2008"
if not ERRORLEVEL 1 goto W2008

我猜错误可能出在这个脚本的其他地方。可能需要进行一些故障排除。

不过整个脚本看起来乱糟糟的。我建议用 PowerShell 脚本来替代，并且可能使用适当的 WMI 过滤器。或者更好的是，启用以下 GPO：

Computer Configuration, Windows Settings, Security Options, Account: Administrator account status, Disabled

首先，本地管理员配置文件并不是一个好主意。

Question 2

答案如下。我使用 DSquery 搜索我们的广告，如果在服务器中，则作为服务器处理，否则作为桌面处理。

@echo off
:: Limit scope:
setlocal
:: Set full path to logfile:
set logfile=C:\tmp\passlog.log
:: Initialise logfile:
date /T >%logfile%
echo Starting passlog.bat on %computername% >>%logfile%
:: ##############################################################
:: Set the required passwords here:
::windows 2003 password
set w2k3admin=pass1
::windows 2008 password
set w2k8admin=Pass1
::windows xp, vista, 7 and 8 password
set desktopadmin=pcpass
:: ##############################################################
:: We need a copy of dsquery.exe on the local machine:
echo check dsquery file... >>%logfile%
if not exist %windir%\system32\dsquery.exe copy "\\shared\location\scripts\dsquery.exe" %windir%\system32\dsquery.exe
echo dsquery filed checked... >>%logfile%
:: Are we ignoreOU?
call dsquery computer -name %computername% | findstr /i "OU=ignoreOU"
if not ERRORLEVEL 1 goto ignoreOU
:: Are we a server?
call dsquery computer -name %computername% | findstr /i "OU=Servers"
if not ERRORLEVEL 1 goto server
:: Are we a DC?
call dsquery computer -name %computername% | findstr /i /C:"OU=Domain Controllers"
if not ERRORLEVEL 1 set goto server
::
goto desktop
:server
    ver|find "6.1" >nul
        if not ERRORLEVEL 1 goto 2k8
    ver|find "5.2" >nul
        if not ERRORLEVEL 1 goto 2k3
:2k8
    echo Setting local administrator password for windows server 2008... >>%logfile%
    net user Administrator %w2k8admin% 2>&1 >>%logfile%
    goto EOF
:2k3
    echo Setting local administrator password for windows server 2003... >>%logfile%
    net user Administrator %w2k3admin% 2>&1 >>%logfile%
    goto eof
:desktop
    echo Setting local administrator password for desktop/laptop... >>%logfile%
    net user Administrator %desktopadmin% 2>&1 >>%logfile%
    goto eof
:ignoreOU
    echo Not setting local administrator password for this ignoreOU server... >>%logfile%
    goto eof
:eof
echo passlog.bat: exiting >>%logfile%
:: Remove user permissions from the logfile's ACL:
cacls %logfile% /E /R BUILTIN\Users
:: End our local scope:
endlocal

Answer

答案如下。我使用 DSquery 搜索我们的广告，如果在服务器中，则作为服务器处理，否则作为桌面处理。

@echo off
:: Limit scope:
setlocal
:: Set full path to logfile:
set logfile=C:\tmp\passlog.log
:: Initialise logfile:
date /T >%logfile%
echo Starting passlog.bat on %computername% >>%logfile%
:: ##############################################################
:: Set the required passwords here:
::windows 2003 password
set w2k3admin=pass1
::windows 2008 password
set w2k8admin=Pass1
::windows xp, vista, 7 and 8 password
set desktopadmin=pcpass
:: ##############################################################
:: We need a copy of dsquery.exe on the local machine:
echo check dsquery file... >>%logfile%
if not exist %windir%\system32\dsquery.exe copy "\\shared\location\scripts\dsquery.exe" %windir%\system32\dsquery.exe
echo dsquery filed checked... >>%logfile%
:: Are we ignoreOU?
call dsquery computer -name %computername% | findstr /i "OU=ignoreOU"
if not ERRORLEVEL 1 goto ignoreOU
:: Are we a server?
call dsquery computer -name %computername% | findstr /i "OU=Servers"
if not ERRORLEVEL 1 goto server
:: Are we a DC?
call dsquery computer -name %computername% | findstr /i /C:"OU=Domain Controllers"
if not ERRORLEVEL 1 set goto server
::
goto desktop
:server
    ver|find "6.1" >nul
        if not ERRORLEVEL 1 goto 2k8
    ver|find "5.2" >nul
        if not ERRORLEVEL 1 goto 2k3
:2k8
    echo Setting local administrator password for windows server 2008... >>%logfile%
    net user Administrator %w2k8admin% 2>&1 >>%logfile%
    goto EOF
:2k3
    echo Setting local administrator password for windows server 2003... >>%logfile%
    net user Administrator %w2k3admin% 2>&1 >>%logfile%
    goto eof
:desktop
    echo Setting local administrator password for desktop/laptop... >>%logfile%
    net user Administrator %desktopadmin% 2>&1 >>%logfile%
    goto eof
:ignoreOU
    echo Not setting local administrator password for this ignoreOU server... >>%logfile%
    goto eof
:eof
echo passlog.bat: exiting >>%logfile%
:: Remove user permissions from the logfile's ACL:
cacls %logfile% /E /R BUILTIN\Users
:: End our local scope:
endlocal

无法使用 GP 设置本地管理员密码

答案1

答案2

相关内容