Security Basics mailing list archives

Re: FW: Changing the domain admin password.

From: "Russell Barnes" <rbarnes () gmail com>
Date: Fri, 2 Feb 2007 10:49:47 -0600

You may want to check the logon as accounts for each of your services
(services.msc) that are running on your servers.

Also, I would recommend changing the way you use your domain admin
account and move to using service user accounts for specific
processes. This would make it easier and less painful than trying to
figure out all the systems an individual account is used for but will
give you more accounts to have to manage so take your pick. Also
recommend good documentation. Here is a Microsoft paper on using
service user accounts:
http://www.microsoft.com/technet/security/guidance/serversecurity/serviceaccount/default.mspx.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Gary Collis
Sent: Thursday, February 01, 2007 2:41 PM
To: security-basics () lists securityfocus com
Subject: Changing the domain admin password.

Time has come to change the domain admin password. Unfortunately this is

used (hardcoded?) across the network in lots of different places,
services, virus downloads etc. Does anyone know of a way for me to audit

the admin account so I can see where it is currently in use.

Has anyone got any other tips for changing the domain admin password
without lots of pain?

Thanks,

Current thread:

Changing the domain admin password. Gary Collis (Feb 02)
- RE: Changing the domain admin password. Scott Ramsdell (Feb 02)
- Re: Changing the domain admin password. Mike Devlin (Feb 02)
- RE: Changing the domain admin password. Roger A. Grimes (Feb 02)
- <Possible follow-ups>
- Re: FW: Changing the domain admin password. Russell Barnes (Feb 02)
- Re: Changing the domain admin password. sami.ghourabi (Feb 02)