This is an out-of-the-box policy created to demonstrate how to randomize a password for an account. This policy targets the built-in Administrator (even if that account has been renamed) and will generate a 12 character unique random password. To randomize the built-in administrator account password on computers with the Local Security Agent installed, enable this policy and change the password complexity to meet your requirements.
The policy can be found here:
- In the Arellia Security Manager, click the Policies tab.
- In the file library in the left pane, navigate to Arellia Solutions > Local Security > Policies > Randomize Administrator Password Policy.
- The configurable policy settings are:
- User Account
- Standard will target the account based upon the RID of the account
- Named will target a specific user account with that name
- Password length
- Characters to use in the random password
- Log password at server before change
- User Account
Arellia recommends leaving "Log password at server before change" enabled. This setting will ensure the server always knows the random passwords on an endpoint.
The password length and complexity also must meet the requirements set by Group Policy. If the new random password is not long or complex enough, Arellia will fail to set the random password.
For instructions on how to complete the settings for the policy, go to LSS Policies and Tasks.