Re: Changing Admin PW on a large number of servers

The problem with that approach is that it assumes all the servers are
physically secured and only those who should be able to access it physically
can do so and are authorized to have administrator access which may or may
not be the case here. If not then a regular user that has physical access
could potentially boot into Safe Mode and gain administrator access to the
server. Of course any user that can have physical access can be a threat but
I would still make sure the built in administrator account has a complex
password if these servers are not physically secured from everybody but
administrators as an additional barrier to entry and of course at least use
locked computer cases that also block access to the drives, password protect
cmos settings, and configure to boot only from the system drive though that
may not prevent access by the truly skilled and malicious which is why
physical security is important. --- Steve


"Ronni Pedersen" <RonniPedersen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:05197F09-9EFA-4D9E-BACD-A0A889FE7A46@xxxxxxxxxxxxxxxx
Hi Jay,

There are more questions than answers to this issue.
You can always make a script or something like that, but I really don't
like
that solution.

Do you really need the Admin user account?
This is what i would do:
1. Set the local admin password to <blank> (then you can't access the
machine over the network, with that user account)
2. Rename the local admin account to something else. (Just in case).
3. Disable the local admin account, using group policies.
4. Use domain accounts only.

There are absolutely no reasons whatsoever to use the local accounts.


--
Best Regards
Ronni Pedersen
Infrastructure Architect

"Jay" wrote:

We have a new polciy where the Admin PW has to be changed on all Win 2003
servers every week. If their a a tool that i can use to automate this as
we
got about 100 servers.

Jay





.

Relevant Pages