Re: administrator
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/19/05
- Next message: Roger Abell [MVP]: "Re: Missing Group for local admin group"
- Previous message: Wolf Kirchmeir: "Re: Disable Administrator Login in a W2K Domain"
- In reply to: frank: "Re: administrator"
- Next in thread: frank: "Re: administrator"
- Reply: frank: "Re: administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Oct 2005 07:35:03 -0700
If an account is not used for running a service then have its password
changed on schedule. You can configure how often that is done and
also how long before the deadline reminders will be presented at login.
-- Roger Abell Microsoft MVP (Windows Server : Security) MCDBA, MCSE W2k3+W2k+Nt4 "frank" <frank@discussions.microsoft.com> wrote in message news:84258CE2-4CF0-4ED2-B4D9-BA01EEE0A99C@microsoft.com... > Sorry I guess I not make my self clear on the question I am asking. > > I agree that change password is good thing and that is not the question > > The question is in administrator current seting is never change password > as > checked or "on". > So my question is not about changing the password from time to time --- my > question is where I should leave the never change password "on" or "off". > > My perfenance is to leave it "on" since I may miss the opportunity to > change on that day and rather change when I have time to test the server. > However I would like a link or other opinion on this matter. > > > Thanks > > Frank > > "Roger Abell [MVP]" wrote: > >> Changing the password of accounts regularly is a good thing. >> If accounts have become compromised without your knowing it, >> a password change can invalidate that compromise (although by >> then the damage may be irreversible). >> >> -- >> Roger Abell >> Microsoft MVP (Windows Server : Security) >> MCDBA, MCSE W2k3+W2k+Nt4 >> "frank" <frank@discussions.microsoft.com> wrote in message >> news:A0FD5558-7619-4B98-9056-78856B3F7C80@microsoft.com... >> >I agree on rename the admin and I even agree of change the password >> >from >> > time to time. >> > I guess my question is do leave as never change password and manually >> > change >> > it which what is what I perfer or have unchecked and it automatically >> > ask >> > for change in x amount of days. >> > >> > Let me know >> > >> > Frank >> > >> > >> > "Miha Pihler [MVP]" wrote: >> > >> >> No, but I can say that this is not a bad policy -- especially if you >> >> have >> >> time to prepare for it. >> >> >> >> Identify all the services on all servers or client computers that >> >> might >> >> run >> >> under this account and start running them under another account -- >> >> account >> >> that is not member of domain administrators group if possible (give >> >> account >> >> only permissions that it needs to run that service - least privilege). >> >> >> >> Using a Least-Privileged User Account >> >> http://www.microsoft.com/technet/security/secnews/articles/lpuseacc.mspx >> >> >> >> After you do this, you shouldn't have any problems changing >> >> Administrator >> >> password regularly. >> >> >> >> -- >> >> Mike >> >> Microsoft MVP - Windows Security >> >> >> >> >> >> "frank" <frank@discussions.microsoft.com> wrote in message >> >> news:73590776-C4CF-45A7-AF5D-653FBB483ACF@microsoft.com... >> >> > Our company had a recent audit and part of the report explain the >> >> > administrator accounts needs to renamed and set to change password >> >> > I have renamed but I am hesitating on uncheck never change password >> >> > is >> >> > there >> >> > a link which show why/why not it should be set at never change >> >> > password >> >> > >> >> > >> >> > Thanks for the help >> >> > >> >> >> >> >> >> >> >> >>
- Next message: Roger Abell [MVP]: "Re: Missing Group for local admin group"
- Previous message: Wolf Kirchmeir: "Re: Disable Administrator Login in a W2K Domain"
- In reply to: frank: "Re: administrator"
- Next in thread: frank: "Re: administrator"
- Reply: frank: "Re: administrator"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
