MDT 2010: Setting the built in Administrator Password

As you may be aware, the local administrator account is disabled by default in Windows 7. MDT 2010 re-enables it and resets the password. The password is first set when you create a new task sequence, so you don’t need to type it in every time during the Lite-Touch Deployment wizard.

You can skip the Administrator Password wizard page by using this property in the customsettings.ini.

SkipAdminPassword=YES

You can also override the admin password for all of your task sequences by using this property in your customsettings.ini.

AdminPassword=P4$$w0rd

Or you can set it per Task Sequence as a Variable. Handy if your security manager tells you to start using a new admin password immediately, as there’s just one setting to change.
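Both settings above put the password into customsettings.ini as readable text, so it helps to be able to list where that happens. The PowerShell below is an added example, not part of the original post: the function name Find-CleartextPassword, the sample file content and the commented-out file path are constructed for illustration, and it flags any property whose name contains "Password" while ignoring the Skip* wizard switches.

```powershell
# Added example: report cleartext password properties in a CustomSettings.ini.
function Find-CleartextPassword {
    param([string[]] $Lines)

    $section = '(none)'
    $lineNo  = 0
    foreach ($line in $Lines) {
        $lineNo++
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }   # blank or comment

        if ($text -match '^\[(.+)\]$') {                            # [Section] header
            $section = $Matches[1]
            continue
        }
        if ($text -match '^([^=]+?)\s*=\s*(.*)$') {                 # Property=Value
            $name  = $Matches[1].Trim()
            $value = $Matches[2].Trim()

            # Skip* properties (SkipAdminPassword=YES) only hide wizard pages.
            if ($name -like 'Skip*') { continue }

            if ($name -like '*Password*' -and $value -ne '') {
                [pscustomobject]@{
                    Section  = $section
                    Property = $name
                    Line     = $lineNo
                    Length   = $value.Length   # length only, never the secret itself
                }
            }
        }
    }
}

# Constructed sample that mirrors the two settings shown in the post.
$sample = @'
[Settings]
Priority=Default

[Default]
SkipAdminPassword=YES
AdminPassword=P4$$w0rd
'@ -split "`r?`n"

Find-CleartextPassword -Lines $sample | Format-Table -AutoSize

# Against a real file (placeholder path, adjust to your deployment share):
# Find-CleartextPassword -Lines (Get-Content 'D:\DeploymentShare\Control\CustomSettings.ini')
```

The report shows section, property name, line number and value length only, so its output can be shared in a review without repeating the password.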


About Andrew Barnes

A Scripting and Deployment Specialist.
This entry was posted in Deployment, MDT 2010.

16 Responses to MDT 2010: Setting the built in Administrator Password

  1. samburattoSam says:

    Hey,

    Thanks for the Blog. A lot of helpful stuff.

    Can you show us an example of a completed\demo customsettings.ini?

    Cheers


  2. Gavin says:

    You just might be able to help me out…

    At my job we are in the process of migrating from MDT 2008 to MDT 2010 (we are only deploying XP SP3). We are nearly finished, but we have a pretty major snag. Back when we were first building out MDT 2008, we used N-Lite to change (among other things) the built-in administrator account name from Administrator to, let’s say, Batman. In MDT 2008, we would provide the account name Batman and its password for the AutoAdminLogin process for all subsequent reboots, and it worked like a charm. In MDT 2010, however, somewhere in the OS installation process MDT seems to be reversing the custom naming of the admin account and changing it back to Administrator. After the OS installation is complete, the box reboots; when it tries to do its first AutoAdminLogin as the user Batman, we get an error message indicating bad username and password because an account of that name no longer exists. From there we can manually log in as Administrator and re-rename the account back to Batman, and it resumes the build process with the task sequences. It goes without saying that this is a big problem as having to manually log in breaks the “no-touch” part of what was once a truly no-touch process with MDT 2008.

    Which brings me to my question: how can we get MDT 2010 to stop overwriting our custom-named administrator account before the first post-OS-installation reboot?

    Many thanks for any help you might provide.


    • MDT will always set local admin password at the time of deployment. This is by design. I suggest using the AdminPassword variable with your current password as what you want it to be. You can use it as a task sequence variable so it only applies to that particular image.


      • Gavin says:

        Thank you Andrew, this might be on the right track! Is there a similar variable for the NAME of the admin account? Our issue is not with the password being squashed, but with the name of the account being reverted from ‘Batman’ back to ‘Administrator’.

        Thanks,

        Gavin


      • Sorry, fighting off a cold here and part read the post. A similar question was posted and answered in the MDT forum here. http://social.technet.microsoft.com/Forums/en/mdt/thread/edc88cb5-f9b0-4862-adf9-bb2b73940ee7

        Truthfully, I’ve never had this issue but, to keep things simple, I suggest you use a custom script to rename the local admin account back to ‘batman’ near the end of your task sequence.


      • Reza Daniels says:

        Hi there

        I tried creating the TS variable AdminPassword, Value Password at the end of the Preinstall Phase. During deployment I checked the c:\MININT\unattend.txt file and the variable does exist in the file, yet XP still prompts me to enter the local administrator password.

        Once I enter the password manually, the deployment continues and completes.
        Is the adminPassword variable different for XP deployments?

        Am I missing something?


      • Hi Reza,

        Set the Task Sequence Variables at the very start of your task sequence. You can use the skip to hide the wizard panes as described above.

        Andrew.


  3. Steve says:

    I know Gavin’s Problem because we are working together. MDT tries to log in with “Administrator” when we renamed that account to Batman. How do we change a setting so that MDT can log in the first time with our admin account that we called batman?


    • Peter says:

      Hello Steve
      I’m in the same problem, how to get mdt to realize the account isn’t called Administrator.

      Any solutions?

      Cheers


  4. Jonathan Klindt says:

    I know this isn’t a support forum, but thought I would ask anyway. My MDT Image is activating the Administrator account, but not setting the password at all. I have tried setting the admin password in the TS then in customsettings setting it to skip, I have tried what was outlined in this article. And I have setup the customsettings to not skip the admin password and enter it in the Windows Deployment Wizard. But each time the system says bad username/password and if I manually type in the password it says that it is still bad. I can log into a domain account and then set the admin password, but I don’t understand why it isn’t setting it automatically. Thanks in advance if you have an answer or suggestion.


  5. Ravi says:

    How to have the option of customizing names of individual machines in MDT2010?

    It’s like this…
    Say… 3 Users… Alan, Jake and Charlie Harpers … join my company… and I have to prepare machines for them…. currently… the only name I can use is MININT- (This part is grayed out so I cannot change it at all)… I would like to have the option of assigning a name every time I run the deployment….
    Like…. alanh- … “alanh-malibu”…. Get it?
    Currently I am unable to do that… so… in order to avoid unnecessary entries in my AD.. I am adding the machine to a work group and then after the machine starts I change the name from “MININT-3BKGQBS” to “charlieh-malibu” and add it to my domain….
    Am I making sense?
    I don’t want to do this…. Is there a way out?

    Thanks
    Ravi


  6. Sacha says:

    Hi Andrew
    Is it possible to set the password of a computer via rule in combination with the computername e.g. “Hppc#computername” ?

    Thanks
    Sacha

