Windows & .NET Magazine Security UPDATE--Changing the Administrator Password--January 28, 2004

[William Knowles <wk () c4i org>]

====================

==== This Issue Sponsored By ====

Exchange & Outlook Administrator
   http://list.winnetmag.com/cgi-bin3/DM/y/eePq0CJgSH0CBw0BEf10Aw

====================

1. In Focus: Changing the Local Administrator Password

2. Announcements
     - Need a SQL Server Time-Saver?
     - Download a Free eBook--"A Guide to Group Policy"

3. Security News and Features
     - Recent Security Vulnerabilities
     - News: New MyDoom Email Virus Spreads Quickly
     - News: MBSA 1.2 Now Available
     - Feature: Microsoft Baseline Security Analyzer

4. Instant Poll
     - Results of Previous Poll: Online Fraud
     - New Instant Poll: Wireless Networking

5. Security Toolkit
     - Virus Center
         - Virus Alert: Bagle.A
     - FAQ: How Can I Use the Active Directory Connector (ADC) Tools
       for Exchange Server 2003?
     - Featured Thread: Local Administrator Account

6. Event
     - New--Microsoft Security Strategies Roadshow!

7. New and Improved
     - Communications Security for Corporate Desktops
     - Honeypot Detects Intrusion
     - Tell Us About a Hot Product and Get a T-Shirt

8. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Exchange & Outlook Administrator ====
   Try a Sample Issue of Exchange & Outlook Administrator!
   If you haven't seen Exchange & Outlook Administrator, you're
missing out on key information that will go a long way towards
preventing serious messaging problems and down time. Request a sample
issue today, and discover tools you won't find anywhere else to help
you migrate, optimize, administer, and secure Exchange and Outlook.
Order now!
   http://list.winnetmag.com/cgi-bin3/DM/y/eePq0CJgSH0CBw0BEf10Aw

====================

==== 1. In Focus: Changing the Local Administrator Password ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

In many network environments, preventing users from having access to
the local Administrator account is a good idea. Otherwise, a user
could use the account to log on and make unauthorized changes to the
system and possibly access unauthorized resources on the network.

A typical scenario for configuring the various user accounts on a
network is to establish user accounts that have only the access
capabilities required for a user to perform his or her work and to set
the local Administrator account password on each machine to something
unknown to nonadministrative users. In environments with multiple
domains, setting the local Administrator password to a different value
in each domain is often a good idea. You should also periodically
change the local Administrator passwords.

If your network has dozens, hundreds, or even thousands of machines,
changing passwords across all the machines can be challenging,
especially if you don't use Active Directory (AD). A reader recently
wrote, asking how to perform such a task in an environment without AD.
Two ideas come to mind: using a third-party tool or using scripts.

If you prefer the third-party tool option, several tools on the market
might fit your needs. Some password-changing tools come as parts of
network-management packages, and some are more tailored to the task at
hand. Back in October 2001, I mentioned a tool called DCPC, which can
change all the local Administrator passwords across a network. Some
people have told me they aren't comfortable using it because it's
freeware and because it comes from a company that doesn't appear to be
very established. I haven't used DCPC and can't vouch for its
trustworthiness, but it's still available.
   http://www.danish-company.com/dcpc

Another tool you might consider is Hyena, which is available from
SystemTools Software. Hyena performs a variety of tasks, among them
the ability to change local Administrator passwords on multiple
machines across a network. I think it's reasonably priced, and
according to the Web site, you can download a fully functional
evaluation version. Other solutions are undoubtedly available, so do
some research and shop around to find a solution that fits your needs.
   http://www.adkins-resource.com/hyena/index.html

If you just need to change the local Administrator password on a few
machines, consider using cusrmgr.exe, which is available in the
"Microsoft Windows 2000 Resource Kit." The tool works for Win2K and
Windows NT systems. You can read more about cusrmgr.exe in the
Microsoft article "How to Use the Cusrmgr.exe Tool to Change
Administrator Account Password on Multiple Computers."
   http://www.microsoft.com/windows/reskits/default.asp
   http://support.microsoft.com/?kbid=272530

If you don't mind using scripts, try the Win32::AdminMisc Perl module
(available at the first URL below), developed by Windows & .NET
Magazine author Dave Roth. The Windows & .NET Magazine article "How to
Manage Your Enterprise's Passwords the Easy Way" (at the second URL
below) explains how to manage local Administrator passwords by using
Win32::AdminMisc. The article offers detailed explanations and Perl
source code that you can modify to fit your needs.
   http://www.roth.net/perl/adminmisc
   http://www.winnetmag.com/article/articleid/3687/3687.html

Be aware that when you use some tools--including scripts--passwords
might travel over your network in clear text, which means that someone
using a packet sniffer could obtain them. So consider that possibility
when choosing a solution for password management.

==== 2. Announcements ====
   (from Windows & .NET Magazine and its partners)

Need a SQL Server Time-Saver?
   SQL Server Magazine is a valuable treasury of SQL Server tools and
content. As a subscriber, you'll receive 12 print issues and gain
access to the entire online article archive, endless code listings,
valuable tips and tricks, and more. Bonus--the System Table Map poster
and Subscriber Benefits Card. Subscribe today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eePq0CJgSH0CBw0BFAj0AJ

Download a Free eBook--"A Guide to Group Policy"
   Find essential information for understanding and using Group Policy
in Windows Server 2003 and Windows 2000 networks such as rolling out
network security settings, controlling client desktops, deploying
software, and performing a variety of other vital administrative
functions. Download this eBook today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eePq0CJgSH0CBw0BEzr0AN

====================

==== Sponsor: Virus Update from Panda Software ====
   Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware device
installed at the Internet gateway to block viruses before they
contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
GateDefender 7200 (500 seats+) provide the highest scalability with
native load balancing that transparently adapts to traffic volume.
   Visit "Panda's GateDefender Stands Guard!" at
http://list.winnetmag.com/cgi-bin3/DM/y/eePq0CJgSH0CBw0BEGa0AF
for more information.

====================

==== 3. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

News: New MyDoom Email Virus Spreads Quickly
   A new email virus called MyDoom is spreading rapidly across the
Internet through UNIX mail servers, bringing with it a dangerous
attachment that, when opened, can give attackers access to users'
computers through an electronic backdoor. The MyDoom email message has
the following text in the body of the message: "The message contains
Unicode characters and has been sent as a binary attachment." The
subject lines and attachment names vary, but typical subject lines are
"Mail Delivery System" or "Mail Transaction Failed." The attachments
often appear as .zip files (e.g., document.zip, message.zip,
readme.zip) but can have virtually any extension, including .exe,
.cmd, or .pif. Read more about it in the linked article.
   http://www.winnetmag.com/article/articleid/41567/41567.html

News: MBSA 1.2 Now Available
   Microsoft released a new version of the Microsoft Baseline Security
Analyzer (MBSA) 1.2, which now has a graphical command-line interface
and support for English, French, German, and Japanese languages. Read
more about it on our Web site.
   http://www.winnetmag.com/article/articleid/41508/41508.html

Feature: Microsoft Baseline Security Analyzer
   Learn how to install, configure, and use MBSA in Jeff Fellinge's
article.
   http://www.winnetmag.com/article/articleid/41275/41275.html

==== 4. Instant Poll ====

Results of Previous Poll: Online Fraud
   The voting has closed in the Windows & .NET Magazine Network
Security Web page nonscientific Instant Poll for the question, "Have
you, your company, or someone you know been a victim of online fraud?"
Here are the results from the 95 votes.
   - 38% Yes
   - 58% No
   - 4% Not sure

New Instant Poll: Wireless Networking
   The next Instant Poll question is, "Does your company use wireless
networking?" Go to the Security Web page and submit your vote for
   - Yes, we use 802.11a
   - Yes, we use 802.11b
   - Yes, we use 802.11g
   - No
   http://www.winnetmag.com/windowssecurity

==== 5. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.winnetmag.com/windowssecurity/panda

Virus Alert: Bagle.A is a nondestructive worm that spreads in an email
message with the subject "Hi." The message includes an attached file
with a name that consists of several random characters and has an .exe
extension. Bagle.A is designed to cease working after today (January
28). The worm attempts to connect to several Web pages (now disabled)
through port 6777 to update itself and create an inventory of the
affected users. The worm also attempts to download files and cause
them to run on an affected computer.

FAQ: How Can I Use the Active Directory Connector (ADC) Tools for
Exchange Server 2003?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. The ADC is responsible for synchronizing information between an
Exchange Server 5.5 directory and Active Directory (AD). With the
release of the Exchange 2003 version of ADC, Microsoft addressed many
of the concerns related to the complexity of using the connector by
simplifying the process of creating connection agreements and
resolving known problems.

Read the rest of this FAQ, which includes detailed instructions about
using the ADC, on our FAQ site.
   http://www.winnetmag.com/article/articleid/41444/41444.html

Featured Thread: Local Administrator Account
   (Two messages in this thread)
   A user writes that he has a Windows 2000 Professional computer with
one account (Administrator) whose password he's forgotten. He wants to
know how to access the system locally to change the password without
having to reinstall the OS. Lend a hand or read the responses:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=66859

==== 6. Event ====

New--Microsoft Security Strategies Roadshow!
   We've teamed with Microsoft, Avanade, and Network Associates to
bring you a full day of training to help you get your organization
secure and keep it secure. You'll learn how to implement a
patch-management strategy; lock down servers, workstations, and
network infrastructure; and implement security policy management.
Register now for this free, 20-city tour.
   http://list.winnetmag.com/cgi-bin3/DM/y/eePq0CJgSH0CBw0BELe0AO

==== 7. New and Improved ====
   by Jason Bovberg, products () winnetmag com

Communications Security for Corporate Desktops
   SSH Communications Security announced SSH Tectia Client/Server 4.0,
a multiplatform secure-communications solution based on Secure Shell
(SSH) technology. SSH Tectia Client/Server consists of three product
modules: SSH Tectia Server 4.0, SSH Tectia Client 4.0, and SSH Tectia
Connector 4.0. The modules use standards-based encryption and
authentication to deploy secure communications for business-critical
applications without the need to modify supporting IT infrastructures
or applications. For pricing and ordering information, contact SSH
Communications Security at 650-251-2700 or on the Web.
   http://www.ssh.com

Honeypot Detects Intrusion
   KeyFocus announced KFSensor 2.0, the latest version of the
company's honeypot-based Intrusion Detection System (IDS). KFSensor
emulates services and gathers information about hackers when they
attack. The new version of KFSensor extends the product's emulation
and reporting features. For pricing and ordering information, contact
KeyFocus on the Web.
   http://www.kfsensor.com

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

===================

==== Sponsored Links ====

Argent
   Comparison Paper: The Argent Guardian Easily Beats Out MOM
   http://list.winnetmag.com/cgi-bin3/DM/y/eePq0CJgSH0CBw0BDWV0AJ

===================

==== 8. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z

View the Windows & .NET Magazine privacy policy at
http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.