Security Basics mailing list archives
RE: Changing the domain admin password.
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Fri, 2 Feb 2007 11:51:04 -0500
Gary, You can look for authentication attempts on your domain controller to see where the admin acct logs in. Ideally, the admin acct wouldn't be used, rather you would have a separate service acct for each service that needed rights. That way you could assign specific rights to each service (they likely don't need domain admin rights, they likely only need local admin rights or specific rights on a few select boxes). However, I just wanted to throw out a reminder: changing the domain admin password does not change the AD restore password. Kind Regards, Scott Ramsdell -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gary Collis Sent: Thursday, February 01, 2007 2:41 PM To: security-basics () lists securityfocus com Subject: Changing the domain admin password. Time has come to change the domain admin password. Unfortunately this is used (hardcoded?) across the network in lots of different places, services, virus downloads etc. Does anyone know of a way for me to audit the admin account so I can see where it is currently in use. Has anyone got any other tips for changing the domain admin password without lots of pain? Thanks,
Current thread:
- Changing the domain admin password. Gary Collis (Feb 02)
- RE: Changing the domain admin password. Scott Ramsdell (Feb 02)
- Re: Changing the domain admin password. Mike Devlin (Feb 02)
- RE: Changing the domain admin password. Roger A. Grimes (Feb 02)
- <Possible follow-ups>
- Re: FW: Changing the domain admin password. Russell Barnes (Feb 02)
- Re: Changing the domain admin password. sami.ghourabi (Feb 02)