The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy.  The Archives for this list can be found on this page.

 

List Posts

Subject: RE: [gptalk] Network Service blank password and Group Policy Preferences

Author: jeromelcruz

08/26/2010 8:53 PM
Ray,

I was curious... When you configure a new service in GP Prefs:

[Image: image001.png]


* In the 'Log on as:' section, click the 'This Account' radio button and then click the '...' button

* In the 'Select User' dialog, type 'network service' and then click on the 'Check Names' button (when you do, the interface will change it to look like this: NETWORK SERVICE). NOTE: Do not switch locations to the local device.

* Click OK

* The main screen should then update to look like this (notice that the password fields are blanked out):
[Image: image002.png]

That should put a null password in the preference's XML (you can validate that by looking at it in SYSVOL).

In regards to Darren's comment: I have had to perform that manual operation with one particular setup. It was in the context of adding a domain service account in a different domain to a local group on a device in a one-way trusted domain (a cross-domain situation) using a Preference setting. The manual edit worked just fine technically and operationally, but the Preferences 'interface' was not supporting it. Instead I just added a 'local domain' account to the preference to get it written, then edited the XML manually to point to the service account in the other trusted domain. Worked beautifully! I just have to remember to 'edit that same' every time I edit that GPO because it tries to reset it during any rewrite (I documented it in the Preference's comments section so I'd remember... thank goodness we don't edit often or it'd be a real pain).

Jerry Cruz | Group Policies Product Manager | Windows Server and Infrastructure Architecture

From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
Sent: Thursday, August 26, 2010 11:13 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Network Service blank password and Group Policy Preferences

Haven't tested this but one thing you can try is, before you make the policy live, just put any password in there, then go into the XML settings file in SYSVOL and take out the hashed password and replace it with "". Again haven't tested this but could be worth testing.

Darren

From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Raymond Brighenti
Sent: Thursday, August 26, 2010 10:38 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Network Service blank password and Group Policy Preferences

Hi,

I'm trying to use Group Policy Preferences to set the "logon as" for a service that requires to run as "Network Service".
When you set this on a service in Windows you simply enter a blank password.
Problem is Group Policy Preferences doesn't allow a blank password.

Does anyone know a workaround for this?

Cheers

Ray
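
A check for the "validate that by looking at it in SYSVOL" step, and for manual edits being reset when the GPO is rewritten, as an added example that is not part of the original thread. The function name, the sample XML and the account string are constructed, and the attribute names (`serviceName`, `accountName`, `cpassword`) are assumed to match the Services.xml layout under the GPO's `Machine\Preferences\Services` folder.

```powershell
# Constructed sample standing in for a GPP Services.xml read from SYSVOL.
# Real use (placeholders): Get-Content -Raw '\\<domain>\SYSVOL\<domain>\Policies\{<GPO GUID>}\Machine\Preferences\Services\Services.xml'
$sampleXml = @'
<?xml version="1.0" encoding="utf-8"?>
<NTServices>
  <NTService name="ExampleSvcA">
    <Properties startupType="AUTOMATIC" serviceName="ExampleSvcA" accountName="NT AUTHORITY\NETWORK SERVICE" cpassword="" />
  </NTService>
  <NTService name="ExampleSvcB">
    <Properties startupType="AUTOMATIC" serviceName="ExampleSvcB" accountName="NT AUTHORITY\NETWORK SERVICE" cpassword="PLACEHOLDER-NOT-A-REAL-VALUE" />
  </NTService>
  <NTService name="ExampleSvcC">
    <Properties startupType="AUTOMATIC" serviceName="ExampleSvcC" accountName="EXAMPLE\svc-local" cpassword="" />
  </NTService>
</NTServices>
'@

function Test-GppServiceLogon {
    param(
        [Parameter(Mandatory)] [string]    $XmlText,
        [Parameter(Mandatory)] [hashtable] $ExpectedAccount   # serviceName -> intended accountName
    )
    $doc = [xml]$XmlText
    foreach ($node in $doc.SelectNodes('//NTService/Properties')) {
        $svc     = $node.GetAttribute('serviceName')
        $account = $node.GetAttribute('accountName')
        # GetAttribute returns '' for a missing attribute, so absent and blank are treated alike.
        $hasPwd  = -not [string]::IsNullOrEmpty($node.GetAttribute('cpassword'))
        $issues  = @()
        if ($ExpectedAccount.ContainsKey($svc) -and $ExpectedAccount[$svc] -ne $account) {
            # A manual edit was overwritten, or the wrong account was chosen in the editor.
            $issues += "account is '$account', expected '$($ExpectedAccount[$svc])'"
        }
        if ($hasPwd) {
            # A password value is stored in a file that domain members can read.
            $issues += 'password value present in the file'
        }
        [pscustomobject]@{
            Service = $svc
            Account = $account
            HasPwd  = $hasPwd
            Status  = if ($issues) { 'REVIEW: ' + ($issues -join '; ') } else { 'OK' }
        }
    }
}

$expected = @{ ExampleSvcA = 'NT AUTHORITY\NETWORK SERVICE'; ExampleSvcB = 'NT AUTHORITY\NETWORK SERVICE'; ExampleSvcC = 'NT AUTHORITY\NETWORK SERVICE' }
Test-GppServiceLogon -XmlText $sampleXml -ExpectedAccount $expected | Format-Table -AutoSize -Wrap
```

Running the same check after each GPO edit catches the case where the editor has rewritten a hand-edited value.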

