| Author | Messages | |
bonnie.pohlschneider@xxxx.yyy
 | | 01/31/2006 3:46 AM |
| Is
there a way to reset all of the local admin passwords for the workstations in my
domain? We currently have about 4 different passwords floating around our domain
and we'd like to get it down to a single standard. Any help would be
appreciated.
BONNIE
POHLSCHNEIDERCOPELAND CORPORATION | | | |
| tonyszko
Posts:140
| | 01/31/2006 4:06 AM |
| bonnie.pohlschneider@xxxxxxxxxxxxxxxxxx wrote:
Is there a way to reset all of the local admin passwords for the
workstations in my domain? We currently have about 4 different passwords
floating around our domain and we'd like to get it down to a single
standard. Any help would be appreciated.
I was using different approaches - for example in one of a company we
had a script which was running for few days trying to contact every
machine which was registered in AD and then reset the local admin password.
But this is one of approaches, not the only one.
--
Tomasz Onyszko
http://www.w2k.pl
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| AD00000537
Posts:0
| | 01/31/2006 4:11 AM |
| Is
> there a way to reset all of the local admin passwords for the workstations in my
> domain? We currently have about 4 different passwords floating around our domain
> and we'd like to get it down to a single standard. Any help would be
> appreciated.
>
>
> BONNIE
> POHLSCHNEIDERCOPELAND CORPORATION
> | | | |
| laurahcomputing
Posts:148
| | 01/31/2006 4:32 AM |
| > > We currently have about 4 different passwords floating around our domain
> > and we'd like to get it down to a single standard. Any help would be
> > appreciated.
> >
> >
Okay, just to offer a counterpoint to your underlying plan - you do
realise that by using a single local admin password across your
enterprise, if even -one- of those workstations gets the admin
password compromised, the attacker who did so now has local admin
rights to every workstation on your network? With apologies to Jesper
JohannsenΏ], it's one of those "How to get your network hacked in 10
easy steps" things - if I've just compromised the local admin password
of WorkstationA, what do you think is going to be the very first
password I try when I move on to try and compromise WorkstationB?
Ώ] And additional apologies for the fact that I'm sure I just spelled
his name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| bonnie.pohlschneider@xxxx.yyy
| | 01/31/2006 5:04 AM |
| They are indeed are all the same.
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Richard
WaldropSent: Tuesday, January 31, 2006 11:10 AMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: Re: [ActiveDir] Reset Local
Admin Passwords
If all local admin user names are the same I have a _vbscript_ that
uses the export from ADUC that will change themIs > there a way
to reset all of the local admin passwords for the workstations in my >
domain? We currently have about 4 different passwords floating around our domain
> and we'd like to get it down to a single standard. Any help would be
> appreciated.> > > BONNIE >
POHLSCHNEIDERCOPELAND CORPORATION> | | | |
| sbradcpa
Posts:496
| | 01/31/2006 5:13 AM |
| Jesper Johansson :-)
And these days when I apply domain cred to patch tools I can still apply
patches remotely and don't even care what the local admin password is.
Once upon a time a young padawan had the admin password on her DC the
same as the local admin on her workstations. In the book Protecting
your Windows Network there's a section on ensuring that less secure
machines don't cause security weaknesses on your more sensitive machines.
A wise and learned man gave webcasts and presentations and I learned the
error of my ways that when a workstation in the office got stolen I
wasn't freaking out that a domain admin password might be left behind in
lmhashes or cached credentials (these days I've wacked off lmhashes as well)
(and may I point out that this "can" be scripted and even "I" knew that
one :-)
Laura E. Hunter wrote:
We currently have about 4 different passwords floating around our domain
and we'd like to get it down to a single standard. Any help would be
appreciated.
Okay, just to offer a counterpoint to your underlying plan - you do
realise that by using a single local admin password across your
enterprise, if even -one- of those workstations gets the admin
password compromised, the attacker who did so now has local admin
rights to every workstation on your network? With apologies to Jesper
JohannsenΏ], it's one of those "How to get your network hacked in 10
easy steps" things - if I've just compromised the local admin password
of WorkstationA, what do you think is going to be the very first
password I try when I move on to try and compromise WorkstationB?
Ώ] And additional apologies for the fact that I'm sure I just spelled
his name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| bonnie.pohlschneider@xxxx.yyy
| | 01/31/2006 6:07 AM |
| We do realize the potential risk in this but this request is coming from
a higher authority (my boss). I've been asked to find a way to change it
and I believe that they are going to have the password reset on a
monthly basis.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Laura E. Hunter
Sent: Tuesday, January 31, 2006 11:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Reset Local Admin Passwords
> > We currently have about 4 different passwords floating around our
> > domain and we'd like to get it down to a single standard. Any help
> > would be appreciated.
> >
> >
Okay, just to offer a counterpoint to your underlying plan - you do
realise that by using a single local admin password across your
enterprise, if even -one- of those workstations gets the admin password
compromised, the attacker who did so now has local admin rights to every
workstation on your network? With apologies to Jesper JohannsenΏ],
it's one of those "How to get your network hacked in 10 easy steps"
things - if I've just compromised the local admin password of
WorkstationA, what do you think is going to be the very first password I
try when I move on to try and compromise WorkstationB?
Ώ] And additional apologies for the fact that I'm sure I just spelled
his name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| AD00000893
Posts:0
| | 01/31/2006 6:26 AM |
| It is hard to keep track of 1000 local machines and their administrator
accounts and passwords. I go with the idea of keeping them the same.
Just run scripts to change them regularly and have strong passwords. I
like to script everything. You mean you wan to have 1000 different admin
accounts and passwords store on a spreadsheet? What if the SID corrupts
than what? You have to open the file, browse over the names and
passwords, etc. and log in locally and rejoin the domain. They are just
workstations. So if one or two got hacked.. you re-image them. User
files and folders are store on a server right?
Turn off file sharing to the clients, they don't need file sharing turn
on. If you need to remotely access(Hyena, Dameware, etc) manage the
workstations than enable the firewall, but only allow access to the
clients from a single workstation IP, your machine or multiple IPs. This
should be done thru GPO. Block out the 65000+ ports and allow only ports
you need...Kerberos, AD Replication(forced), DNS, etc.
-Z.V.
Okay, just to offer a counterpoint to your underlying plan - you do
realise that by using a single local admin password across your
enterprise, if even -one- of those workstations gets the admin
password compromised, the attacker who did so now has local admin
rights to every workstation on your network? With apologies to Jesper
JohannsenΏ], it's one of those "How to get your network hacked in 10
easy steps" things - if I've just compromised the local admin password
of WorkstationA, what do you think is going to be the very first
password I try when I move on to try and compromise WorkstationB?
Ώ] And additional apologies for the fact that I'm sure I just spelled
his name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| pjp
Posts:4
| | 01/31/2006 8:28 AM |
| You could perhaps base each machine's unique password on a hash of some sort
of the computer's serial number/service tag information.
Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Za Vue
Sent: Tuesday, January 31, 2006 1:24 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Reset Local Admin Passwords
It is hard to keep track of 1000 local machines and their administrator
accounts and passwords. I go with the idea of keeping them the same.
Just run scripts to change them regularly and have strong passwords. I like
to script everything. You mean you wan to have 1000 different admin accounts
and passwords store on a spreadsheet? What if the SID corrupts than what?
You have to open the file, browse over the names and passwords, etc. and log
in locally and rejoin the domain. They are just workstations. So if one or
two got hacked.. you re-image them. User files and folders are store on a
server right?
Turn off file sharing to the clients, they don't need file sharing turn on.
If you need to remotely access(Hyena, Dameware, etc) manage the workstations
than enable the firewall, but only allow access to the clients from a single
workstation IP, your machine or multiple IPs. This should be done thru GPO.
Block out the 65000+ ports and allow only ports you need...Kerberos, AD
Replication(forced), DNS, etc.
-Z.V.
>Okay, just to offer a counterpoint to your underlying plan - you do
>realise that by using a single local admin password across your
>enterprise, if even -one- of those workstations gets the admin password
>compromised, the attacker who did so now has local admin rights to
>every workstation on your network? With apologies to Jesper
>JohannsenΏ], it's one of those "How to get your network hacked in 10
>easy steps" things - if I've just compromised the local admin password
>of WorkstationA, what do you think is going to be the very first
>password I try when I move on to try and compromise WorkstationB?
>
>
>Ώ] And additional apologies for the fact that I'm sure I just spelled
>his name wrong.
>
>--
>-----------------------
>Laura E. Hunter
>Microsoft MVP - Windows Server Networking
>Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
>List info : http://www.activedir.org/List.aspx
>List FAQ : http://www.activedir.org/ListFAQ.aspx
>List archive:
>http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| CKaiser
Posts:41
| | 01/31/2006 8:55 AM |
| Use passgen from Steve Riley and Jesper Johannson's new book. Allows you
to change a pw for accounts on remote machines from one location. Also
allows you to set the pw differently for each machine with no manual
tracking. You use a pass phrase to hash for example the machine name
plus an incrementer, and that creates a password of complexity and
length that you set. We use this and it works well for us. I can change
all the machines based on a text list of the machine names. If I need to
change the pw on one machine, I change the incrementer and reset the pw.
I don't need a spreadsheet of the pws; I can use passgen to tell me what
it is anytime as long as I know the machine name, the incrementer, and
the pass phrase used to hash.
Keeping unique admin pws on multiple machines is no longer a hassle...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Za Vue
> Sent: Tuesday, January 31, 2006 11:24 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: Re: [ActiveDir] Reset Local Admin Passwords
>
> It is hard to keep track of 1000 local machines and their
> administrator
> accounts and passwords. I go with the idea of keeping them the same.
> Just run scripts to change them regularly and have strong
> passwords. I
> like to script everything. You mean you wan to have 1000
> different admin
> accounts and passwords store on a spreadsheet? What if the
> SID corrupts
> than what? You have to open the file, browse over the names and
> passwords, etc. and log in locally and rejoin the domain.
> They are just
> workstations. So if one or two got hacked.. you re-image them. User
> files and folders are store on a server right?
>
> Turn off file sharing to the clients, they don't need file
> sharing turn
> on. If you need to remotely access(Hyena, Dameware, etc) manage the
> workstations than enable the firewall, but only allow access to the
> clients from a single workstation IP, your machine or
> multiple IPs. This
> should be done thru GPO. Block out the 65000+ ports and allow
> only ports
> you need...Kerberos, AD Replication(forced), DNS, etc.
>
> -Z.V.
>
>
>
> >Okay, just to offer a counterpoint to your underlying plan - you do
> >realise that by using a single local admin password across your
> >enterprise, if even -one- of those workstations gets the admin
> >password compromised, the attacker who did so now has local admin
> >rights to every workstation on your network? With apologies
> to Jesper
> >JohannsenΏ], it's one of those "How to get your network hacked in 10
> >easy steps" things - if I've just compromised the local
> admin password
> >of WorkstationA, what do you think is going to be the very first
> >password I try when I move on to try and compromise WorkstationB?
> >
> >
> >Ώ] And additional apologies for the fact that I'm sure I
> just spelled
> >his name wrong.
> >
> >--
> >-----------------------
> >Laura E. Hunter
> >Microsoft MVP - Windows Server Networking
> >Author: _Active Directory Consultant's Field Guide_
> (http://tinyurl.com/7f8ll)
> >List info : http://www.activedir.org/List.aspx
> >List FAQ : http://www.activedir.org/ListFAQ.aspx
> >List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> >
> >
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| kwilhelm@xxxx.yyy
| | 01/31/2006 9:55 AM |
| Use a tool call DCPC (DC password changer)
freeware you can find it here http://www.danish-company.com/dcpc
all you need is the domain admin password and all PC running. “ Strait forward
and I am changing the password every 2-3 month.
Cheers,
Katrin Wilhelm (MCSA)
CVGT Employment
& Training Specialists
Australia
E-mail: kwilhelm@xxxxxxxxxxx
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of bonnie.pohlschneider@xxxxxxxxxxxxxxxxxx
Sent: Wednesday, 1 February 2006
4:09 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
We do
realize the potential risk in this but this request is coming from
a higher authority (my boss). I've
been asked to find a way to change it
and I believe that they are going
to have the password reset on a
monthly basis.
-----Original
Message-----
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Laura E. Hunter
Sent: Tuesday, January 31, 2006
11:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Reset
Local Admin Passwords
> >
We currently have about 4 different passwords floating around our
> > domain and we'd like to
get it down to a single standard. Any help
> > would be appreciated.
> >
> >
Okay,
just to offer a counterpoint to your underlying plan - you do
realise that by using a single
local admin password across your
enterprise, if even -one- of those
workstations gets the admin password
compromised, the attacker who did
so now has local admin rights to every
workstation on your network?
With apologies to Jesper JohannsenΏ],
it's one of those "How to get
your network hacked in 10 easy steps"
things - if I've just compromised
the local admin password of
WorkstationA, what do you think is
going to be the very first password I
try when I move on to try and
compromise WorkstationB?
Ώ] And
additional apologies for the fact that I'm sure I just spelled
his name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server
Networking
Author: _Active Directory
Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
Confidentiality:
The contents contain
privileged and/or confidential information intended for the named recipient of
this email.
CVGT does not warrant that
the contents of any electronically transmitted information will remain
confidential.
If the reader of this email
is not the intended recipient you are hereby notified that any use,
reproduction, disclosure or distribution of the information contained in the
email is prohibited.
If you receive this email in
error, please reply to us immediately and delete the
document.Viruses:
It is the recipient/client's
duties to virus scan and otherwise test the information provided before loading
onto any computer system.
No warranty is made that
this material is free from computer virus or any other defect or
error.
Any loss/damage incurred by
using this material is not the sender's responsibility. CVGT?s entire
liability will be limited to resupplying the material.Please contact us
at www.cvgt.com.au for further
information regarding this disclaimer. | | | |
| tonyszko
Posts:140
| | 01/31/2006 10:17 AM |
| Katrin Wilhelm wrote:
Use a tool call DCPC (DC password changer) freeware you can find it here
http://www.danish-company.com/dcpc all you need is the domain admin
password and all PC running. “ Strait forward and I am changing the
password every 2-3 month.
Just for my curiosity - how are You making sure that You changed all the
passwords, because some machines may not be on-line?
--
Tomasz Onyszko
http://www.w2k.pl
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| listmail
Posts:824
| | 02/01/2006 2:37 AM |
| Actually once it compromised the one machine it doesn't even need to try
passwords on the others, if running in that security context it it could
connect directly. I have seen that in a couple of cases where whole groups
of PCs were nailed in seconds. Quite fun. :)
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Laura E. Hunter
Sent: Tuesday, January 31, 2006 11:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Reset Local Admin Passwords
> > We currently have about 4 different passwords floating around our
> > domain and we'd like to get it down to a single standard. Any help
> > would be appreciated.
> >
> >
Okay, just to offer a counterpoint to your underlying plan - you do realise
that by using a single local admin password across your enterprise, if even
-one- of those workstations gets the admin password compromised, the
attacker who did so now has local admin rights to every workstation on your
network? With apologies to Jesper JohannsenΏ], it's one of those "How to
get your network hacked in 10 easy steps" things - if I've just compromised
the local admin password of WorkstationA, what do you think is going to be
the very first password I try when I move on to try and compromise
WorkstationB?
Ώ] And additional apologies for the fact that I'm sure I just spelled his
name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| listmail
Posts:824
| | 02/01/2006 2:44 AM |
| If your password is the same on all of them the chances are once one is
hacked, the whole bunch will be. Anyway, how can you be sure they aren't
hacked? You can only prove you are hacked, not that you aren't.
Also consider this. I am an admin on Machine X and only on Machine X. You
set the builtin admin so you can get in. I happened to have installed a
password filter and picked off that password, I now am an admin on all of
your workstations. Alternately I dump the same and crack it and have the
same effect. Remember, I am the owner of the box if I physically sit at it.
You can't stop me if I really want in and to do things.
As you say, they are workstations, who cares. Set a random password with a
random number of characters over 14 characters and forget about it. If you
need in, crack the box, what does that add? Like a single reboot and maybe 2
minutes to the domain join time?
Alternately if you don't want random passwords, you set the passwords based
on some algorithm that uses info specific to the box and don't publish the
algorithm.
No matter what though, I would push for different passwords on every
machine.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Za Vue
Sent: Tuesday, January 31, 2006 1:24 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Reset Local Admin Passwords
It is hard to keep track of 1000 local machines and their administrator
accounts and passwords. I go with the idea of keeping them the same.
Just run scripts to change them regularly and have strong passwords. I like
to script everything. You mean you wan to have 1000 different admin accounts
and passwords store on a spreadsheet? What if the SID corrupts than what?
You have to open the file, browse over the names and passwords, etc. and log
in locally and rejoin the domain. They are just workstations. So if one or
two got hacked.. you re-image them. User files and folders are store on a
server right?
Turn off file sharing to the clients, they don't need file sharing turn on.
If you need to remotely access(Hyena, Dameware, etc) manage the workstations
than enable the firewall, but only allow access to the clients from a single
workstation IP, your machine or multiple IPs. This should be done thru GPO.
Block out the 65000+ ports and allow only ports you need...Kerberos, AD
Replication(forced), DNS, etc.
-Z.V.
>Okay, just to offer a counterpoint to your underlying plan - you do
>realise that by using a single local admin password across your
>enterprise, if even -one- of those workstations gets the admin password
>compromised, the attacker who did so now has local admin rights to
>every workstation on your network? With apologies to Jesper
>JohannsenΏ], it's one of those "How to get your network hacked in 10
>easy steps" things - if I've just compromised the local admin password
>of WorkstationA, what do you think is going to be the very first
>password I try when I move on to try and compromise WorkstationB?
>
>
>Ώ] And additional apologies for the fact that I'm sure I just spelled
>his name wrong.
>
>--
>-----------------------
>Laura E. Hunter
>Microsoft MVP - Windows Server Networking
>Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
>List info : http://www.activedir.org/List.aspx
>List FAQ : http://www.activedir.org/ListFAQ.aspx
>List archive:
>http://www.mail-archive.com/activedir%40mail.activedir.org/
>
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| klas9574
Posts:1
| | 03/31/2006 6:22 AM |
| A bit dated I know, but Danish company™s
web site seems to have gone kaput. Does anyone here happen to have a copy
of DCPC to share?
Scott Klassen
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Katrin Wilhelm
Sent: Tuesday, January 31, 2006
3:54 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
Use a tool call DCPC (DC password changer)
freeware you can find it here http://www.danish-company.com/dcpc
all you need is the domain admin password and all PC running. “ Strait
forward and I am changing the password every 2-3 month.
Cheers,
Katrin Wilhelm (MCSA)
CVGT Employment
& Training Specialists
Australia
E-mail: kwilhelm@xxxxxxxxxxx
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of bonnie.pohlschneider@xxxxxxxxxxxxxxxxxx
Sent: Wednesday, 1 February 2006
4:09 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
We do
realize the potential risk in this but this request is coming from
a higher authority (my boss). I've
been asked to find a way to change it
and I believe that they are going
to have the password reset on a
monthly basis.
-----Original
Message-----
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Laura E. Hunter
Sent: Tuesday, January 31, 2006
11:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Reset
Local Admin Passwords
> >
We currently have about 4 different passwords floating around our
> > domain and we'd like to
get it down to a single standard. Any help
> > would be appreciated.
> >
> >
Okay,
just to offer a counterpoint to your underlying plan - you do
realise that by using a single
local admin password across your
enterprise, if even -one- of those
workstations gets the admin password
compromised, the attacker who did
so now has local admin rights to every
workstation on your network?
With apologies to Jesper JohannsenΏ],
it's one of those "How to get
your network hacked in 10 easy steps"
things - if I've just compromised
the local admin password of
WorkstationA, what do you think is
going to be the very first password I
try when I move on to try and
compromise WorkstationB?
Ώ] And
additional apologies for the fact that I'm sure I just spelled
his name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server
Networking
Author: _Active Directory
Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
Confidentiality:
The contents contain
privileged and/or confidential information intended for the named recipient of
this email.
CVGT does not warrant that
the contents of any electronically transmitted information will remain
confidential.
If the reader of this
email is not the intended recipient you are hereby notified that any use,
reproduction, disclosure or distribution of the information contained in the
email is prohibited.
If you receive this email
in error, please reply to us immediately and delete the document.
Viruses:
It is the
recipient/client's duties to virus scan and otherwise test the information
provided before loading onto any computer system.
No warranty is made that
this material is free from computer virus or any other defect or error.
Any loss/damage incurred
by using this material is not the sender's responsibility. CVGT�s
entire liability will be limited to resupplying the material.
Please contact us at www.cvgt.com.au for further information regarding this
disclaimer. | | | |
| dave@xxxx.yyy
| | 03/31/2006 6:42 AM |
| Provided the PCs are in the domain you can set them in a script with the
"NET USER" command. You need to take a little care to make sure the users can't
see what they are being set to...You could probably also do it with PsExec...
and a remote "NET" command....
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Scott KlassenSent: 31 March 2006
19:19To: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE:
[ActiveDir] Reset Local Admin Passwords
A bit dated I know,
but Danish company™s web site seems to have gone kaput. Does anyone here
happen to have a copy of DCPC to share?
Scott
Klassen
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Katrin
WilhelmSent: Tuesday,
January 31, 2006 3:54 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local
Admin Passwords
Use a tool call DCPC
(DC password changer) freeware you can find it here http://www.danish-company.com/dcpc
all you need is the domain admin password and all PC running. “ Strait forward
and I am changing the password every 2-3 month.
Cheers,
Katrin
Wilhelm (MCSA)CVGT Employment & Training
SpecialistsAustraliaE-mail: kwilhelm@xxxxxxxxxxx
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of
bonnie.pohlschneider@xxxxxxxxxxxxxxxxxxSent: Wednesday, 1 February 2006 4:09
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local
Admin Passwords
We do
realize the potential risk in this but this request is coming
from a higher
authority (my boss). I've been asked to find a way to change it
and I believe that they are
going to have the password reset on a monthly basis.
-----Original Message----- From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Laura E. Hunter Sent: Tuesday, January 31, 2006 11:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Reset
Local Admin Passwords
> >
We currently have about 4 different passwords floating around our
> > domain
and we'd like to get it down to a single standard. Any help
> > would
be appreciated. > > > >
Okay,
just to offer a counterpoint to your underlying plan - you do
realise that by using a single
local admin password across your enterprise, if even -one- of those workstations gets
the admin password compromised, the attacker who did so now has local
admin rights to every workstation on your network? With apologies to
Jesper JohannsenΏ], it's one of those "How to get your network hacked in
10 easy steps" things - if I've just compromised the local admin
password of WorkstationA, what do you think is going to be the
very first password I try when I move on to try and compromise
WorkstationB?
Ώ] And
additional apologies for the fact that I'm sure I just spelled
his name wrong.
-- ----------------------- Laura E. Hunter Microsoft MVP - Windows Server
Networking Author: _Active Directory Consultant's Field
Guide_ (http://tinyurl.com/7f8ll) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
Confidentiality:
The contents contain privileged and/or
confidential information intended for the named recipient of this
email.
CVGT does not warrant that the contents
of any electronically transmitted information will remain
confidential.
If the reader of this email is not the
intended recipient you are hereby notified that any use, reproduction,
disclosure or distribution of the information contained in the email is
prohibited.
If you receive this email in error,
please reply to us immediately and delete the
document.Viruses:
It is the recipient/client's duties to
virus scan and otherwise test the information provided before loading onto any
computer system.
No warranty is made that this material
is free from computer virus or any other defect or
error.
Any loss/damage incurred by using this
material is not the sender's responsibility. CVGT�s entire liability
will be limited to resupplying the material.Please contact us at
www.cvgt.com.au for further information regarding this
disclaimer. | | | |
| garypnew@xxxx.yyy
| | 03/31/2006 7:01 AM |
| I'm
interested in that as well. Could someone either send that program to
me or post somewhere where I can download? Thanks.
-Gary
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Scott KlassenSent: Friday, March 31, 2006 1:19
PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir]
Reset Local Admin Passwords
A bit dated I know, but
Danish company™s web site seems to have gone kaput. Does anyone here
happen to have a copy of DCPC to share?
Scott
Klassen
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Katrin
WilhelmSent: Tuesday, January
31, 2006 3:54 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local Admin
Passwords
Use a tool call DCPC
(DC password changer) freeware you can find it here http://www.danish-company.com/dcpc
all you need is the domain admin password and all PC running. “ Strait forward
and I am changing the password every 2-3 month.
Cheers,
Katrin
Wilhelm (MCSA)CVGT Employment & Training
SpecialistsAustraliaE-mail: kwilhelm@xxxxxxxxxxx
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of
bonnie.pohlschneider@xxxxxxxxxxxxxxxxxxSent: Wednesday, 1 February 2006 4:09
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local Admin
Passwords
We do
realize the potential risk in this but this request is coming from
a higher authority (my boss).
I've been asked to find a way to change it and I believe that they are going to have the password
reset on a monthly
basis.
-----Original Message----- From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Laura E. Hunter Sent: Tuesday, January 31, 2006 11:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx Subject: Re: [ActiveDir] Reset Local Admin
Passwords
> >
We currently have about 4 different passwords floating around our
> > domain
and we'd like to get it down to a single standard. Any help
> > would be
appreciated. >
> >
>
Okay, just
to offer a counterpoint to your underlying plan - you do realise that by using a single local admin
password across your enterprise, if even -one- of those workstations gets the
admin password compromised, the attacker who did so now has local admin
rights to every workstation on your network? With apologies to
Jesper JohannsenΏ], it's one of those "How to get your network hacked in 10
easy steps" things
- if I've just compromised the local admin password of WorkstationA, what do you think is going to
be the very first password I try when I move on to try and compromise
WorkstationB?
Ώ] And
additional apologies for the fact that I'm sure I just spelled
his name wrong.
-- ----------------------- Laura E. Hunter Microsoft MVP - Windows Server
Networking Author:
_Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Confidentiality:
The contents contain privileged and/or
confidential information intended for the named recipient of this
email.
CVGT does not warrant that the contents of
any electronically transmitted information will remain
confidential.
If the reader of this email is not the
intended recipient you are hereby notified that any use, reproduction,
disclosure or distribution of the information contained in the email is
prohibited.
If you receive this email in error, please
reply to us immediately and delete the
document.Viruses:
It is the recipient/client's duties to
virus scan and otherwise test the information provided before loading onto any
computer system.
No warranty is made that this material is
free from computer virus or any other defect or
error.
Any loss/damage incurred by using this
material is not the sender's responsibility. CVGT�s entire liability will
be limited to resupplying the material.Please contact us at
www.cvgt.com.au for further information regarding this
disclaimer. | | | |
| rdale
Posts:0
| | 03/31/2006 8:25 AM |
| http://mycuweb.com/dcpc.zip
Rick
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On
Behalf Of Scott Klassen
Sent: Friday, March 31, 2006 12:19
PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
A bit dated I know, but Danish
company™s web site seems to have gone kaput. Does anyone here
happen to have a copy of DCPC to share?
Scott Klassen
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Katrin Wilhelm
Sent: Tuesday, January 31, 2006
3:54 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
Use a tool call DCPC (DC password changer)
freeware you can find it here http://www.danish-company.com/dcpc
all you need is the domain admin password and all PC running. “ Strait
forward and I am changing the password every 2-3 month.
Cheers,
Katrin Wilhelm (MCSA)
CVGT Employment
& Training Specialists
Australia
E-mail: kwilhelm@xxxxxxxxxxx
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of bonnie.pohlschneider@xxxxxxxxxxxxxxxxxx
Sent: Wednesday, 1 February 2006
4:09 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
We do
realize the potential risk in this but this request is coming from
a higher authority (my boss). I've been
asked to find a way to change it
and I believe that they are going
to have the password reset on a
monthly basis.
-----Original
Message-----
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Laura E. Hunter
Sent: Tuesday, January 31, 2006
11:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Reset
Local Admin Passwords
> >
We currently have about 4 different passwords floating around our
> > domain and we'd like to
get it down to a single standard. Any help
> > would be appreciated.
> >
> >
Okay,
just to offer a counterpoint to your underlying plan - you do
realise that by using a single
local admin password across your
enterprise, if even -one- of those
workstations gets the admin password
compromised, the attacker who did
so now has local admin rights to every
workstation on your network?
With apologies to Jesper JohannsenΏ],
it's one of those "How to get
your network hacked in 10 easy steps"
things - if I've just compromised
the local admin password of
WorkstationA, what do you think is
going to be the very first password I
try when I move on to try and
compromise WorkstationB?
Ώ] And
additional apologies for the fact that I'm sure I just spelled
his name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server
Networking
Author: _Active
Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
Confidentiality:
The contents contain privileged
and/or confidential information intended for the named recipient of this email.
CVGT does not warrant that
the contents of any electronically transmitted information will remain
confidential.
If the reader of this
email is not the intended recipient you are hereby notified that any use,
reproduction, disclosure or distribution of the information contained in the
email is prohibited.
If you receive this email
in error, please reply to us immediately and delete the document.
Viruses:
It is the recipient/client's
duties to virus scan and otherwise test the information provided before loading
onto any computer system.
No warranty is made that
this material is free from computer virus or any other defect or error.
Any loss/damage incurred
by using this material is not the sender's responsibility. CVGT�s
entire liability will be limited to resupplying the material.
Please contact us at www.cvgt.com.au for further information regarding this
disclaimer. | | | |
| garypnew@xxxx.yyy
| | 03/31/2006 9:51 AM |
| Thanks
Rick. -Gary
Gary PolvinaleIT Systems
ManagerDenton ATD,
Inc.Milan
OHgaryp@xxxxxxxxxxxxx419-625-5200 x11
-----Original Message-----From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Active DirectorySent: Friday, March 31, 2006 3:24
PMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir]
Reset Local Admin Passwords
http://mycuweb.com/dcpc.zip
Rick
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Scott
KlassenSent: Friday, March 31,
2006 12:19 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local Admin
Passwords
A bit dated I know, but
Danish company™s web site seems to have gone kaput. Does anyone here
happen to have a copy of DCPC to share?
Scott
Klassen
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Katrin
WilhelmSent: Tuesday, January
31, 2006 3:54 PMTo:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local Admin
Passwords
Use a tool call DCPC
(DC password changer) freeware you can find it here http://www.danish-company.com/dcpc
all you need is the domain admin password and all PC running. “ Strait forward
and I am changing the password every 2-3 month.
Cheers,
Katrin
Wilhelm (MCSA)CVGT Employment & Training
SpecialistsAustraliaE-mail: kwilhelm@xxxxxxxxxxx
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of
bonnie.pohlschneider@xxxxxxxxxxxxxxxxxxSent: Wednesday, 1 February 2006 4:09
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Reset Local Admin
Passwords
We do
realize the potential risk in this but this request is coming from
a higher authority (my boss).
I've been asked to find a way to change it and I believe that they are going to have the password
reset on a monthly
basis.
-----Original Message----- From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Laura E. Hunter Sent: Tuesday, January 31, 2006 11:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx Subject: Re: [ActiveDir] Reset Local Admin
Passwords
> >
We currently have about 4 different passwords floating around our
> > domain
and we'd like to get it down to a single standard. Any help
> > would be
appreciated. >
> >
>
Okay, just
to offer a counterpoint to your underlying plan - you do realise that by using a single local admin
password across your enterprise, if even -one- of those workstations gets the
admin password compromised, the attacker who did so now has local admin
rights to every workstation on your network? With apologies to
Jesper JohannsenΏ], it's one of those "How to get your network hacked in 10
easy steps" things
- if I've just compromised the local admin password of WorkstationA, what do you think is going to
be the very first password I try when I move on to try and compromise
WorkstationB?
Ώ] And
additional apologies for the fact that I'm sure I just spelled
his name wrong.
-- ----------------------- Laura E. Hunter Microsoft MVP - Windows Server
Networking Author:
_Active Directory Consultant's Field
Guide_ (http://tinyurl.com/7f8ll) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Confidentiality:
The contents contain privileged and/or
confidential information intended for the named recipient of this
email.
CVGT does not warrant that the contents of
any electronically transmitted information will remain
confidential.
If the reader of this email is not the
intended recipient you are hereby notified that any use, reproduction,
disclosure or distribution of the information contained in the email is
prohibited.
If you receive this email in error, please
reply to us immediately and delete the
document.Viruses:
It is the recipient/client's duties to
virus scan and otherwise test the information provided before loading onto any
computer system.
No warranty is made that this material is
free from computer virus or any other defect or
error.
Any loss/damage incurred by using this
material is not the sender's responsibility. CVGT�s entire liability will
be limited to resupplying the material.Please contact us at
www.cvgt.com.au for further information regarding this
disclaimer. | | | |
| klas9574
Posts:1
| | 03/31/2006 10:50 AM |
| Thank you sir, much appreciated.
Scott Klassen
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On
Behalf Of Active Directory
Sent: Friday, March 31, 2006 2:24
PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
http://mycuweb.com/dcpc.zip
Rick
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klassen
Sent: Friday, March 31, 2006 12:19
PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
A bit dated I know, but Danish
company™s web site seems to have gone kaput. Does anyone here
happen to have a copy of DCPC to share?
Scott Klassen
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Katrin Wilhelm
Sent: Tuesday, January 31, 2006
3:54 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
Use a tool call DCPC (DC password changer)
freeware you can find it here http://www.danish-company.com/dcpc
all you need is the domain admin password and all PC running. “ Strait
forward and I am changing the password every 2-3 month.
Cheers,
Katrin Wilhelm (MCSA)
CVGT Employment
& Training Specialists
Australia
E-mail: kwilhelm@xxxxxxxxxxx
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of bonnie.pohlschneider@xxxxxxxxxxxxxxxxxx
Sent: Wednesday, 1 February 2006
4:09 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset
Local Admin Passwords
We do
realize the potential risk in this but this request is coming from
a higher authority (my boss). I've
been asked to find a way to change it
and I believe that they are going
to have the password reset on a
monthly basis.
-----Original
Message-----
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Laura E. Hunter
Sent: Tuesday, January 31, 2006
11:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Reset
Local Admin Passwords
> >
We currently have about 4 different passwords floating around our
> > domain and we'd like to
get it down to a single standard. Any help
> > would be appreciated.
> >
> >
Okay,
just to offer a counterpoint to your underlying plan - you do
realise that by using a single
local admin password across your
enterprise, if even -one- of those
workstations gets the admin password
compromised, the attacker who did
so now has local admin rights to every
workstation on your network?
With apologies to Jesper JohannsenΏ],
it's one of those "How to get
your network hacked in 10 easy steps"
things - if I've just compromised
the local admin password of
WorkstationA, what do you think is
going to be the very first password I
try when I move on to try and compromise
WorkstationB?
Ώ] And
additional apologies for the fact that I'm sure I just spelled
his name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server
Networking
Author: _Active
Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
Confidentiality:
The contents contain privileged
and/or confidential information intended for the named recipient of this email.
CVGT does not warrant that
the contents of any electronically transmitted information will remain
confidential.
If the reader of this
email is not the intended recipient you are hereby notified that any use,
reproduction, disclosure or distribution of the information contained in the
email is prohibited.
If you receive this email
in error, please reply to us immediately and delete the document.
Viruses:
It is the recipient/client's
duties to virus scan and otherwise test the information provided before loading
onto any computer system.
No warranty is made that
this material is free from computer virus or any other defect or error.
Any loss/damage incurred
by using this material is not the sender's responsibility. CVGT�s
entire liability will be limited to resupplying the material.
Please contact us at www.cvgt.com.au for further information regarding this
disclaimer. | | | |
|
|