Lets say we have around 300 Windows XP machines on our ActiveDirectory domain that are used for processing something. Each has an account which is patterned on the machines name. As these are treated as normal domain accounts, they are subject to the monthly password change requirements.
We have techs who go through and change the passwords each month, but this is tedious, error-prone, and time consuming. In an effort to make it better, I am going to start changing the passwords on the 300+ accounts programatically.
This, however, presents a problem. The machines are logged on as the user accounts we are changing, and by default do not update the cached credentials, which eventually will lock the account out when it tries accessing locations on the network.
Is there any way to update the cached credentials on a machine without locking/logging? Perhaps a Policy setting?
If the XP boxes have been joined to the domain then there is already a machine account for each one. It is maintained by Windows and AD without you having to do anything special. It never expires and works after reboot and without anyone having to log in.
Rather than creating an account per machine matching the machine name why not just rig your job to run as "NT Authority\NetworkService" (FireDaemon works great when you need to turn a program into a service) and let it take care of itself? All you need to do is permit those machines on the other end by adding accounts in the form