Security Basics mailing list archives
RE: Changing the domain admin password.
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Fri, 2 Feb 2007 14:29:11 -0500
You can use logon account auditing to track the use of the domain admin account. You can use the generated event log messages to identify machine names and IP addresses (depends on whether they are using Kerberos or a legacy authentication protocol) of what is using it. Then you can possibly script it, but there is no easy way to change it when it is hard coded across the network. Don Jones and others have made free scripts available on the Internet to change domain passwords that are also used in service accounts, like domain admin. But you sound like it is hard coded in other programs, and how you change them depends on how they are hard coded and where. Of course the larger issue is that you probably should not be using any process that requires a hard coded admin password. You should create custom service accounts with the necessary privileges whenever possible. Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Professional Windows Desktop and Server Hardening (Wrox) *http://www.amazon.com/gp/product/0764599909 ***************************************************************** -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gary Collis Sent: Thursday, February 01, 2007 3:41 PM To: security-basics () lists securityfocus com Subject: Changing the domain admin password. Time has come to change the domain admin password. Unfortunately this is used (hardcoded?) across the network in lots of different places, services, virus downloads etc. Does anyone know of a way for me to audit the admin account so I can see where it is currently in use. Has anyone got any other tips for changing the domain admin password without lots of pain? Thanks,
Current thread:
- Changing the domain admin password. Gary Collis (Feb 02)
- RE: Changing the domain admin password. Scott Ramsdell (Feb 02)
- Re: Changing the domain admin password. Mike Devlin (Feb 02)
- RE: Changing the domain admin password. Roger A. Grimes (Feb 02)
- <Possible follow-ups>
- Re: FW: Changing the domain admin password. Russell Barnes (Feb 02)
- Re: Changing the domain admin password. sami.ghourabi (Feb 02)