Best Practices Question

K2000 : Create a local administrator account during mid-level post-install task

12/14/2016 1656 views
Hi all,

I have a question about K2000 deployment... I don't like we need to connect on the computer with the built-in local administrator account (it's not really secured). So I would like to know if it possible to create a local administrator account during a mid-level task (from KBE) with a random password (for example linked to the computer name like this it would be unique for a computer) I would use to connect in Windows to execute the post-install tasks and I would delete at the end of the deployment...?

Or if it's possible use the built-in administrator account to execute the tasks but without connect interactively in Windows to deny the user to do something if he comes on the computer during a deployment.

Someone did already try this or know if it's possible?

Thank you for you help and your answer...
0 Comments   [ + ] Show comments


All Answers

Microsoft recommends that the Administrator account should remain disabled. We create a local administrator account during installation via the unattended installation settings. We prefer scripted installs in our environment, but if you are creating images then you should still Sysprep them before uploading. Your unattend.xml file can then include the settings to create a user in the OOBE settings pass.
Answered 12/14/2016 by: chucksteel
Red Belt

  • Thank you for your answer but my question is mainly when I apply Windows 10 upgrade. Now I only have the built-in local administrator and I would like to create an new one only for applying upgrade and delete it at the end of the process.

    I followed this article to upgrade my computers from Windows 10 1511 to 1607 : http://www.itninja.com/blog/view/upgrading-to-windows-10
    • If you have a K1000, use it to send a script before upgrading to create the account you want, and then either a PO task to delete it or another K1 task.
      • Thank you I already do that and it works but it would be perfect if it could be fully automated during a K2000 deployment process.
      • How about using Password Renew [http://www.kood.org/windows-password-renew/]? You can .zip it with a batch and run it, though you will need to enter things manually, but that would create an account for you as a midlevel.
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ