Re: administrator

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/19/05


Date: Wed, 19 Oct 2005 07:35:03 -0700

If an account is not used for running a service then have its password
changed on schedule. You can configure how often that is done and
also how long before the deadline reminders will be presented at login.

-- 
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"frank" <frank@discussions.microsoft.com> wrote in message 
news:84258CE2-4CF0-4ED2-B4D9-BA01EEE0A99C@microsoft.com...
> Sorry I guess I not make my self clear on the question I am asking.
>
> I agree that change password is good thing and that is not the question
>
> The question is in administrator current seting is never change password 
> as
> checked or "on".
> So my question is not about changing the password from time to time --- my
> question is where I should leave the never change password "on" or "off".
>
> My perfenance  is to leave it  "on" since I may miss the opportunity to
> change on that day and rather change when I have time to test the server.
> However I would like a link or other opinion on this matter.
>
>
> Thanks
>
> Frank
>
> "Roger Abell [MVP]" wrote:
>
>> Changing the password of accounts regularly is a good thing.
>> If accounts have become compromised without your knowing it,
>> a password change can invalidate that compromise (although by
>> then the damage may be irreversible).
>>
>> -- 
>> Roger Abell
>> Microsoft MVP (Windows Server : Security)
>> MCDBA,  MCSE W2k3+W2k+Nt4
>> "frank" <frank@discussions.microsoft.com> wrote in message
>> news:A0FD5558-7619-4B98-9056-78856B3F7C80@microsoft.com...
>> >I agree on rename the admin and  I even agree of change the password 
>> >from
>> > time to time.
>> > I guess my question is do leave as never change password and manually
>> > change
>> > it which what is what  I perfer or have unchecked and it automatically 
>> > ask
>> > for change in x amount of days.
>> >
>> > Let me know
>> >
>> > Frank
>> >
>> >
>> > "Miha Pihler [MVP]" wrote:
>> >
>> >> No, but I can say that this is not a bad policy -- especially if you 
>> >> have
>> >> time to prepare for it.
>> >>
>> >> Identify all the services on all servers or client computers that 
>> >> might
>> >> run
>> >> under this account and start running them under another account --
>> >> account
>> >> that is not member of domain administrators group if possible (give
>> >> account
>> >> only permissions that it needs to run that service - least privilege).
>> >>
>> >> Using a Least-Privileged User Account
>> >> http://www.microsoft.com/technet/security/secnews/articles/lpuseacc.mspx
>> >>
>> >> After you do this, you shouldn't have any problems changing 
>> >> Administrator
>> >> password regularly.
>> >>
>> >> -- 
>> >> Mike
>> >> Microsoft MVP - Windows Security
>> >>
>> >>
>> >> "frank" <frank@discussions.microsoft.com> wrote in message
>> >> news:73590776-C4CF-45A7-AF5D-653FBB483ACF@microsoft.com...
>> >> > Our company had a recent audit and part of the report explain the
>> >> > administrator accounts needs to renamed and set to change password
>> >> > I have renamed but I am hesitating on uncheck never change password 
>> >> > is
>> >> > there
>> >> > a link which show why/why not it should be set at never change 
>> >> > password
>> >> >
>> >> >
>> >> > Thanks for the help
>> >> >
>> >>
>> >>
>> >>
>>
>>
>> 


Relevant Pages

  • Event 1202 Warnings after Renaming Administrator Acct on SBS2003
    ... one referencing the original administrator account: ... specific policy setting that was flagged with a big, ... I used an incorrect procedure to rename the ...
    (microsoft.public.windows.server.general)
  • Re: Can I clone Administrator?
    ... you don't want to rename the profile folder. ... >> also rename the Administrator folder in Documents and Settings. ... >>> You should always, ALWAYS, have a second administrator account. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Can I clone Administrator?
    ... you don't want to rename the profile folder. ... > also rename the Administrator folder in Documents and Settings. ... >> You should always, ALWAYS, have a second administrator account. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Changing Administrator Name
    ... In Computer Management, click on Local Users and Groups. ... right click on Accounts: Rename Administrator ... Close the console and see if you can now log on using the new account ...
    (microsoft.public.windowsxp.customize)
  • Re: Changing Administrator Name
    ... In Computer Management, click on Local Users and Groups. ... right click on Accounts: Rename Administrator ... Close the console and see if you can now log on using the new account ...
    (microsoft.public.windowsxp.customize)