Security Basics mailing list archives
RE: admin account password management
From: "Jeff Gercken" <JeffG () kizan com>
Date: Wed, 9 Feb 2005 20:33:58 -0500
1) Generate password list w/ psudo random generator. (I use apg http://www.adel.nursat.kz/apg/) wapg.exe -n 10000 -M SNCL > 10KrandPass.txt 2) Use cusrmgr.exe (Windows 2K resource kit) to change the passwords on the machines remotely. Use a spreadsheet to map a password to each server. Example in csv for easy loading but in final replace commas with spaces Cursrmgr.exe -u administrator -m,"computer name",-P "pass" Save the password - machine list in a secure place, like taped to your monitor. -jeff -----Original Message----- From: Lars Weste [mailto:lweste () gmx de] Sent: Monday, February 07, 2005 11:54 PM To: security-basics () securityfocus com Subject: admin account password management Hi, developing a password policy i'm wondering of which rules you have to secure admin level accounts on a bunch of client hosts and other hardware like switches or disk storages. more or less i came across three solutions: 1. define classes of admin level accounts for devices and client hosts depending on their security. define a password for every class and use that password at any device in that class. 2. define classes of admin level accounts for devices and client hosts and define one or more password generation rules depending on the classes of the account and generate different passwords for each device according the rules at each class of device. 3. define for any admin account at any device and client host an independent and strong password. just only looking at the passwords, point 3, independent ones seems most secure, but also most cumbersome to the administrator. so just wondering whether someone can share some practical experiences? regards lars -- Lassen Sie Ihren Gedanken freien Lauf... z.B. per FreeSMS GMX bietet bis zu 100 FreeSMS/Monat: http://www.gmx.net/de/go/mail
Current thread:
- admin account password management Lars Weste (Feb 09)
- Re: admin account password management Alexander Klimov (Feb 10)
- <Possible follow-ups>
- RE: admin account password management Jeff Gercken (Feb 10)
- RE: admin account password management Jonathan Loh (Feb 11)
- Re: admin account password management Aaron Berg (Feb 14)
- RE: admin account password management Jonathan Loh (Feb 11)
- RE: admin account password management Reece, Terry (Feb 11)