Restricting the change of the local administrator account password.

From: Max (maxdamage_at_ml1.net)
Date: 05/06/04

  • Next message: Sergey V. Gordeychik: "RE: IE questions" 
    To: ddraiggoch@coldyne.com, focus-ms@securityfocus.com
Date: Thu, 06 May 2004 04:48:41 -0700

    Hi Jason

    Something I do to stop administrators changing passwords is:

    I have a domain admin account that has access to the servers via "domain
    admins" in local "administrators". I run a vb script that sets the
    Administrators password every 30 min's regardless of what it is. This
    task is scheduled in a secure pc. The only down side is if you don’t use
    ipsec the password would be sniffable. (sniffable hmmm is that a word
    lol)

    Dose the above make sense ?

    If you want a copy of the script drop me a mail.

    Kind regards

    Max Damage 

    -- 
http://www.fastmail.fm - Consolidate POP email and Hotmail in one place
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: Sergey V. Gordeychik: "RE: IE questions"

    Relevant Pages

    • Re: the C$ and ipc$ shares
      ... In order to access C$ you need the admin credentials of the target. ... These could be of a local account part of the "administrators" group, ... or a domain admin account (provided that the target workstation/server ... Cenzic Hailstorm finds vulnerabilities fast. ...
      (Pen-Test)
    • Re: Securing Data from Administrators
      ... IT Staff (primarily Network Administrators) members need admin rights. ... Theres an interesting section on Sharing a Domain Admin account password ...
      (microsoft.public.windows.server.security)
    • Re: How to use samba using LDAP user authentication on RHEL5?
      ... Mike Bleiweiss schreef: ... Jan Gerrit Kootstra wrote: ... create_builtin_administrators: Failed to create Administrators ... Kind regards, ...
      (linux.redhat)