Re: Local Administrator Account
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Tue, 17 Apr 2007 18:38:47 -0700
"John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4FA8B2F0-F28D-492C-8DD6-C5C64857BD66@xxxxxxxxxxxxxxxx
I have a Windows 2003 Active Directory environment. I have XP workstations
and member servers with the local administrator account password set the
same. I logged into the XP workstation as the local administrator. Then
I
was able to access all the administrative shares of the other workstations
and member servers that have the same password. I would be able to unc
path
to \\server\c$ without a domain authenication prompt. I remember this was
an
issue in the NT domain days when you could log on to other domains with if
the administrator account and passwords were the same. I checked another
Windows 2003 AD as well as a 2000 AD and it still happened. Any ideas why
and how to stop it?
If I understand the "why" part of your question, I think the MS
answer would be that it is by design.
How to stop it?
Do not use the same password everywhere, or do not use the
same account everywhere, or preferable do neither.
As you outline, loss of the credentials on one machine could
spread like wildfire throughout your infrastructure with things
as you have them, so one obviously should not have them so.
Give the builtin Administrator account (however renamed if
renamed) a long, strong, complex passphrase that is not the
same as elsewhere. Use your domain accounts for uniform
access if/when/as required.
Roger
.
- Prev by Date: Re: how can I make money off my ultimate security solution for servers
- Next by Date: Re: Local Administrator Account
- Previous by thread: Error issuing certificates from WS03 cert svc
- Next by thread: Re: Local Administrator Account
- Index(es):
Relevant Pages
|
