Pitfalls of admin passwords

amyamandaallenamyamandaallen Member Posts: 316
Hi,

Weve been asked to change to overall admin password and I seem to remember there were a few pitfalls with doing this. icon_confused.gif

Our setup

2 2003 domain controllers ( one being exchange )
1 2k3 citrix server
4 SQL 2k3 and 2000 servers
5 Member servers

Each have both the local account and domain account with the same password.

Dont think this is question from any text but would like to know any real world experiences.

Many thanks.
Remember I.T. means In Theory ( it should works )

Comments

  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    The biggest pitfall that I can think of is that many people forget that the admin password usually is used for AV security and backups. If all isn't changed there can be a few issues along the way icon_wink.gif
    www.supercross.com
    FIM website of the year 2007
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    I agree with RussS. Make sure you change the password in your "Services" for Backup, Exchange, and anything else that might be running as a service under the admin account.

    Also, probably not an issue with the admin account, but if you change it in any other way than logging in as admin and changing it (say you changed it by right clicking the user account in Computer Management or ADUC) you will lose access to any EFS encrypted files by the admin user and any saved passwords in IE.
    All things are possible, only believe.
  • garv221garv221 Member Posts: 1,914
    Backups yes and sometimes printers uses the admin account to send scans from the printer through SMTP to a client mailbox.
  • TrailerisfTrailerisf Member Posts: 455
    garv221 wrote:
    Backups yes and sometimes printers uses the admin account to send scans from the printer through SMTP to a client mailbox.
    Ugh, I would never ever reconmend that.
    On the road to Cisco. Will I hunt it, or will it hunt me?
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Some morons use the administrator account for scheduled tasks and to run jobs in SQL Server as well. You have to think about everything that is important to your business and examine it closely.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • keatronkeatron Member Posts: 1,213 ■■■■■■□□□□
    The biggest pitfall in my opinion of having the domain and local admin account with the same passwords is the fact that if I own that box, I own that domain. I won't go in to detail as to how vulnearble those boxes are (and for those who are wondering, even with the latest patches they're still swiss cheese).

    A common first step after busting the local admin account on a machine is seeing if that password is the same as the domain admin account. I'm usually teaching anywhere from 1 to 2 security classes per month and this is one of the big things I ALWAYS teach against.

    Might I ask this question? What is the business or operational justification for this model?
  • amyamandaallenamyamandaallen Member Posts: 316
    Sure, its a charity.

    My boss is being asked by her boss to change the admin/system password we both used to share and give us an individual admin account password of our own. I dont disagree with the change.

    He says its for security ( icon_rolleyes.gif ) but I just think after our payrises he thinks we'll just pee off and do damage! icon_cry.gif Yep - like IM THAT STUPID !!

    However I can already see some things no longer working right :D:D:D . Oh well, stupid is as stupid does.
    Remember I.T. means In Theory ( it should works )
Sign In or Register to comment.