I am running a VBscript through a GPO to change the Local Administrator password on all workstations in my domain. In order to test this, I did the following:
I created a Test OU, and applied the GPO solely to that. I took a test box and moved it into the Test OU. Then I had the GPO in question run the following Startup Script:
Set objOU = GetObject("LDAP://OU=test, DC=mydomain, DC=com")
objOU.Filter = Array("Computer")
For Each objItem in objOU
strComputer = objItem.CN
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator")
I rebooted the test machine, and it was successful, the local admin password had been changed to TestPasswordHere.
Now, I then took an existing user's PC and moved it into the same OU. I had him reboot, and the following error came up when he got to the startup point.
Windows Scripting Host
Script = (and it lists the full location of the VBscript)
General Access Denied Error
Source: Active Directory
From what I can see, there is no reason this should be happening, I moved both his PC and the test PC's Computer Object out of their current OU into the test one. I can't find any reference as to why it would work flawlessly on the first box and give me the above error on the user's machine? The only difference I am sure of is that the test box was a server running WIndows 2003 Server Standard, and he is using a PC running Windows XP Pro.