Randomize Administrator Password
The Randomize Administrator Password policy demonstrates how to randomize passwords for an account. This policy targets the built-in Administrator (even if that account has been renamed) and will generate a twelve-character unique random password. To randomize the built-in administrator account password on computers that have the Local Security Agent installed, enable the Randomize Administrator Password policy. This is an out-of-the-box policy that requires you to make only slight configuration changes.
Enable the Policy
To enable this policy, do the following steps:
- In the Arellia Security Manager, click the Policies tab.
- In the file library in the left pane, navigate to Arellia Solutions > Local Security > Policies > Randomize Administrator Password Policy.
- In the right pane next to User Account, choose Standard / Administrator, or a Named account.
- Then choose your password settings.
Arellia recommends leaving "Log password at server before change" enabled. This setting will ensure the server always knows the random passwords on an endpoint.
The password length and complexity also must meet the requirements set by Group Policy. If the new random password is not long or complex enough, Arellia will fail to set the random password.
Schedule and Apply
For instructions on how to set the schedule for the policy, go to Create or Change a Policy Schedule.
For instructions on how to apply the policy to computers, go to Resource Targets.
Run a Task
To run this task, do the following steps:
- In the Arellia Security Manager, click the Tasks tab.
- In the file library in the left pane, navigate to Jobs and Tasks > Client Tasks > Local Security > Randomize Administrator Password.
- Select the password randomization settings.
- Set a schedule for the task. (For instructions about how to set a schedule, go to Calendar Options.)