Re: Admin password change

From: Chris Hagon (ChrisHagon_at_discussions.microsoft.com)
Date: 02/03/05 

Date: Thu, 3 Feb 2005 04:49:05 -0800

Hi Mike

thanks for the info. Our Domain Admin acc is only used by myself when I
require the elevated privileges that it gives. Our applications (exchange,
backup) use specific service accounts. I guess it is just a case of being
thorough and checking all other services.
Thanks for your help

"Miha Pihler [MVP]" wrote:

> Hi Chris,
>
> You will have to manually update the password for the services that run
> under administrator account (account that you will change the password for).
> It will not automatically pick up the password, but there should not be any
> need for reboot of the server. If you miss a service and don't change the
> password on it, service will fail to start.
>
> Note: it is not considered best practice to use domain administrator
> account. I am pretty sure that backup could run with less privileged
> account -- but it might take some work for granting new account all
> necessary privileges.
> The problem with using domain accounts (specially domain administrator
> account) for running services is storage of the password -- it is stored as
> clear text in registry on the remote server (it is not stored in clear text
> in active directory).
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Chris Hagon" <ChrisHagon@discussions.microsoft.com> wrote in message
> news:E3138E1A-295D-4C8A-880F-DDDEEFAA264B@microsoft.com...
> > Hi guys
> >
> > We have 3x servs in our company. 1x memb server (Exchange2003, Win2003),
> > 2x
> > DCs, (1x Win2k, 1x Win2003).
> > Exchange, Veritas use service accounts for their business. I want to
> > change
> > our Administrator acc password.
> > What are the ramifications and if worst came to the worst can I change it
> > back again? Will any services using this acc dynamically pick up on this
> > change and will I need to do a reboot on the servers?
> > Your help as always is much appreciated!
> >
> > -------
> > Tech Admin
> > West Midlands, England
> > Stressed and Tired!
> > --------
>
>
>

Relevant Pages

  • Re: Outlook security
    ... If you are not certian if you have a personal certificate for such ... > a client that could support 128-bit security. ... > and review the mailboxes of accounts of personyou know that are ... I logon with domain administrator previliges but have reconfigured ...
    (microsoft.public.outlook.general)
  • Re: Implementing privileges
    ... bank accounts, ... is nearly finished but I'm having some trouble in managing privileges. ... If the rules and policies of privilege are inherently dynamic and likely to change frequently over time, you would probably be better off keeping them out of the DBMS. ... The R1 and R3 relationships then only need to be instantiated once in the DBMS when a UserAccount or FinancialAccount is added rather than every time they are accessed by an application. ...
    (comp.object)
  • Re: How to turn linux into VMS - memory refresher for Dave ...
    ... If OpenVMS were as popular ... I'm just not going to get my system manager to provide elevated privileges ... Windows, historically, runs for all users in fully privileged accounts. ... The lack of real error reporting & even ...
    (comp.os.vms)
  • Re: CGI apps break after DCPROMO an IIS6 server
    ... This is one of those things different on a DC vs a member server in regards ... The "built in" accounts have the minimum and necessary privileges to run ... >privileges listed in F1-help of IIS Manager UI required ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS Security
    ... The main reason for granting ... Administrator privileges to accounts that don't need ... permissions that are really needed. ...
    (Focus-Microsoft)