RE: Local admin password

Monrad.DC_at_forces.gc.ca
Date: 06/29/05

  • Next message: Nick Duda: "RE: Local admin password" 
    To: focus-ms@securityfocus.com
Date: Wed, 29 Jun 2005 12:32:12 -0400

    One approach we use is to randomize the admin password monthly for our
    classroom computers.
    If someone wants to go to the effort to crack the password, it doesn't help
    on any of the other machines, and it's changed in a month anyways.

    The support techs are in an admin group, so don't need the local admin
    account. In the event that there is a legitimate need for the local admin
    account, it can be remotely reset to a known password and will automatically
    be scrambled in less than a month.

    Drew
    -----Original Message-----
    From: Alexander Klimov [mailto:alserkli@inbox.ru]
    Sent: Wednesday, 29, June, 2005 11:55 AM
    To: danoli@adinet.com.uy
    Cc: focus-ms@securityfocus.com
    Subject: Re: Local admin password

    On Tue, 28 Jun 2005 danoli@adinet.com.uy wrote:
    > One of my customers asks me how to change the password of all local
    administrators
    > of Windows XP workstations. They don?t want to go to each one and change
    > it because they are quite a lot and they need to put the same password to
    > all. Is there any tool to do this?

    Everybody have a solution to the problem, yet nobody seems to think
    a step ahead :-)

    If you use the same password for all the local admin accounts, when
    anybody with physical access to one computer and john-the-ripper has
    immediate access to all of them!

    Whatever tool you use for setting passwords make sure that you set
    *different* passwords for different hosts. 

    -- 
Regards,
ASK
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: Nick Duda: "RE: Local admin password"

    Relevant Pages

    • Re: Client Installation Issues: SMS 2.0 SP5
      ... Log on locally as LOCAL admin and install. ... Log on Locally as domain user who has LOCAL admin rights. ... The SMS Service account IS a domain admin ...
      (microsoft.public.sms.setup)
    • Re: computers locked out of the domain?
      ... Admin so that some one could work at the station. ... in the active directory' users & computers I looked at the computer account ... down or the account etc but then when I log on to the local admin acc' I can ... use the remote desktop to connect to the server, no problems & when I take ...
      (microsoft.public.windows.server.networking)
    • Re: Domain admin login problem
      ... Several Login attempt wrote: ... Administrator Account. ... How can you logon to the DC as a Local Admin? ...
      (microsoft.public.windows.server.active_directory)
    • Re: computers locked out of the domain?
      ... Admin so that some one could work at the station. ... in the active directory' users & computers I looked at the computer account ... down or the account etc but then when I log on to the local admin acc' I can ... use the remote desktop to connect to the server, no problems & when I take ...
      (microsoft.public.windows.server.networking)
    • Re: local admin account password
      ... What I think would be a better scheme is to set a very complex* random ... This eliminates the vulnerability created by weak admin passwords ... Do you think if someone wanted to break the local admin account they ...
      (Focus-Microsoft)