I'm working on an autounattend.xml for my company's setup, and I really want to customize the built-in administrator account. Specifically, I need to set its display name to "Local Administrator" to differentiate it from the domain admin account, which is labeled as "Domain Administrator." I've tried adding the following lines to my xml file:
``
`Administrator`
`Local Administrator`
`Administrators`
``
This is right before the local account setup for our support team. Everything works fine, except for the display name change. Is there a way to do this?
4 Answers
You might want to rethink your approach. Instead of altering the local admin, create an AD user called LocalAdmin with a known password. You can set a GPO to make this user a local admin for the PCs in your OU. This way, you avoid issues with local accounts altogether.
Instead of modifying the account directly in the xml, consider adding a `SetupComplete.cmd` script to handle the display name change after setup. The way you're approaching it seems to suggest you're creating a new account, not just renaming the existing one.
I really just want to add the display name without renaming it. Renaming in the xml breaks some legacy software we use.
For best practices, it's usually better to create a different local admin account and manage it with LAPS instead of messing with the built-in Administrator account. Plus, it keeps things more secure!
I get that, but Microsoft recommends using the built-in account because it can’t be deleted and is already set up. We just need to modify it for our particular setup.
We actually need to stick with the built-in one for certain tasks tied to its UID. It's tricky!
Unfortunately, you can't directly modify the built-in Administrator in the unattend.xml like that. It's pretty locked down. The `LocalAccount` action is meant for creating new local users rather than modifying existing built-in ones.
Sounds interesting! I'll check it out and might consider your suggestion. Thanks for the link!