Re: Audit the administrator account?

From: "x y" <jamescagney90210@excite.com>
Date: Wed, 29 May 2002 16:04:32 -0400

For the local admin password, set up or use a workstation that is not joined
to the domain. Write a batch file or other script that from time to time
tries to connect to each computer using the ID and password, such as

net use x: /delete
rem or: net use \\servername\c$ /delete
net use x: \\servername\c$ password /user:administrator
rem or you can do it without the x:, e.g.
rem net use \\servername\c$ password /user:administrator
if exist x:\ goto next

:notification
rem use blat to send yourself an email, OR
net send yourworkstationname "admin password on xxx has changed..."

:next

You'd want to add some code at the beginning to make sure the device is
turned on or else you will get false alarms. You could for example do
PING computername>>c:\temp\ping.txt and then use something like the
FIND command on the ping.txt file to search for successful replies.

Better yet, if you have $100, you can purchase and use IPsentry which will
do all this for you, and it can call your pager or cell phone, and keeps
historical statistics, and you can set it up to not test the password if the
device does not respond to pings.

"Scott" <alphainfinity2000@yahoo.com> wrote in message
news:82dc01c20749$ce5cf200$a4e62ecf@tkmsftngxa06...
> Hello all,
>
> I am responsible for about 300 workstations and I need to
> know how to set up auditing on the administrator account in
> a way that I will be notified when the password has been
> changed.
>
> At this point in time, we are still on a Windows NT
> domain, so I don't have any of the auditing tools
> available to AD administrators.
>
> It is very simple for a user to grab the standard Linux
> disk and change the password, and I was wondering if there
> was a way for that workstation to notify me via email or
> some other means that the password has been changed?
>
>
> Suggestions?
>
> p.s. We are in the process of locking down the BIOS,
> disabling the floppy boot option etc. etc....
>
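
The steps from the reply above (ping first, then try the known password, then notify), put together as one batch file that walks a list of machines. This is an added example, not code from the original post; hosts.txt, the log path and the variable names are assumptions, and the password and workstation name are the post's own placeholders.

```batch
@echo off
rem Added example: test the local Administrator password on each workstation.
rem Assumed names (not from the post): hosts.txt, KNOWNPW, ADMINBOX, LOG.
rem The password sits here in clear text, so keep this file only on the
rem standalone (non-domain) checking workstation.
setlocal
set KNOWNPW=password
set ADMINBOX=yourworkstationname
set LOG=c:\temp\pwcheck.log

rem hosts.txt holds one computer name per line.
for /f %%H in (hosts.txt) do call :check %%H
goto :eof

:check
rem Overwrite ping.txt on every pass so an old reply cannot match.
ping -n 2 %1 > c:\temp\ping.txt
rem A successful echo reply line contains "TTL=".
find "TTL=" c:\temp\ping.txt > nul
if errorlevel 1 (
    echo %date% %time% %1 offline, skipped>> %LOG%
    goto :eof
)
rem Drop any earlier session to this host, then try the known password.
net use \\%1\c$ /delete > nul 2>&1
net use \\%1\c$ %KNOWNPW% /user:administrator > nul 2>&1
if errorlevel 1 (
    rem Any failure to connect on a live host is treated as an alert.
    echo %date% %time% %1 logon FAILED>> %LOG%
    net send %ADMINBOX% "admin password on %1 has changed..."
    goto :eof
)
echo %date% %time% %1 ok>> %LOG%
net use \\%1\c$ /delete > nul 2>&1
goto :eof
```

A host that answers ping but has the Server service stopped or the c$ share removed will also raise the alert, so check the log entry before assuming the password was changed.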
