RE: Local admin password
From: George Bormes (georgeb_at_janusassociates.com)
Date: 06/29/05
- Previous message: StefanDorn_at_bankcib.com: "Re: Local admin password"
- Maybe in reply to: danoli_at_adinet.com.uy: "Local admin password"
- Next in thread: Joshua \: "RE: Local admin password"
- Maybe reply: test_at_test.com: "Re: RE: Local admin password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Jun 2005 13:07:19 -0400
To: <focus-ms@securityfocus.com>
Alex makes a very important point!
The way we handled this when I was a systems administrator was to agree
on a scheme with the techs charged with maintaining these systems
whereby we had a recipe for each user's local password that was not
easily guessable by the user population. We mixed information like
their name, drop number and part of their XP license # (which was kept
securely by us) to come up with their password. Of course no scheme is
100% foolproof - a motivated hacker will still get in if he/she wants
to, but it's yet another layer to keep out the casual interloper.
By virtue of the fact that we had control of our switches and their
configurations, we were able to control which ports were or weren't able
to see all the traffic on any particular network segment. This would
make john the ripper type attacks that much more difficult. I realize
that not all topologies/technologies have this particular capability,
but that's the way we handled it.
Hope this helps!
George
-----Original Message-----
From: Alexander Klimov [mailto:alserkli@inbox.ru]
Sent: Wednesday, June 29, 2005 11:55 AM
To: danoli@adinet.com.uy
Cc: focus-ms@securityfocus.com
Subject: Re: Local admin password
On Tue, 28 Jun 2005 danoli@adinet.com.uy wrote:
> One of my customers asks me how to change the password of all local administrators
> of Windows XP workstations. They don't want to go to each one and change
> it because they are quite a lot and they need to put the same password to
> all. Is there any tool to do this?
Everybody has a solution to the problem, yet nobody seems to think
a step ahead :-)
If you use the same password for all the local admin accounts, then
anybody with physical access to one computer and john-the-ripper has
immediate access to all of them!
Whatever tool you use for setting passwords, make sure that you set
*different* passwords for different hosts.
--
Regards,
ASK
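An added example, not part of the original messages and not either poster's own method: one way to give every workstation a different local administrator password that technicians can still recompute, generalizing the "recipe" idea above to a keyed hash (HMAC-SHA256) over the host name. The key handling, host names, alphabet and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed alphabet without look-alike characters (I, O, l, 0, 1).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+=?"

def derive_password(master_key: bytes, hostname: str,
                    rotation: int = 0, length: int = 20) -> str:
    """Derive a per-host password from a secret key and the host name.

    Knowing one host's password (or cracking its hash) reveals nothing
    about the others as long as master_key stays secret.
    """
    if len(master_key) < 32:
        raise ValueError("master key must be at least 32 random bytes")
    host = hostname.strip().lower()  # Windows host names are case-insensitive
    if not host:
        raise ValueError("empty host name")
    # Reject bytes >= limit so every alphabet character is equally likely.
    limit = 256 - (256 % len(ALPHABET))
    out, counter = [], 0
    while len(out) < length:
        msg = f"{host}|{rotation}|{counter}".encode()
        for b in hmac.new(master_key, msg, hashlib.sha256).digest():
            if b < limit and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
        counter += 1
    return "".join(out)

def build_table(master_key: bytes, hostnames, rotation: int = 0) -> dict:
    """Return {normalized host name: password}; fail if two hosts collide."""
    table = {h.strip().lower(): derive_password(master_key, h, rotation)
             for h in hostnames}
    if len(set(table.values())) != len(table):
        raise RuntimeError("two hosts derived the same password")
    return table

if __name__ == "__main__":
    # Assumption: in practice the key is generated once and stored securely;
    # a fresh one is created here only so the example runs on its own.
    key = secrets.token_bytes(32)
    for host in build_table(key, ["WS-001", "WS-002", "WS-003"]):  # constructed names
        print(host, "-> password derived (not printed)")
```

Raising `rotation` changes every derived password at once, which gives a way to roll all hosts without changing the key.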