Pitfalls of admin passwords
amyamandaallen
Member Posts: 316
Hi,
We've been asked to change the overall admin password and I seem to remember there were a few pitfalls with doing this.
Our setup
2 2003 domain controllers ( one being exchange )
1 2k3 citrix server
4 SQL 2k3 and 2000 servers
5 Member servers
Each has both the local account and domain account with the same password.
Don't think this is a question from any text but would like to know any real world experiences.
Many thanks.
Remember I.T. means In Theory ( it should works )
Comments
-
RussS Member Posts: 2,068
The biggest pitfall that I can think of is that many people forget that the admin password usually is used for AV security and backups. If all isn't changed there can be a few issues along the way.
www.supercross.com
FIM website of the year 2007
-
sprkymrk Member Posts: 4,884
I agree with RussS. Make sure you change the password in your "Services" for Backup, Exchange, and anything else that might be running as a service under the admin account.
Also, probably not an issue with the admin account, but if you change it in any other way than logging in as admin and changing it (say you changed it by right clicking the user account in Computer Management or ADUC) you will lose access to any EFS encrypted files by the admin user and any saved passwords in IE.
All things are possible, only believe.
-
garv221 Member Posts: 1,914
Backups yes and sometimes printers use the admin account to send scans from the printer through SMTP to a client mailbox.
-
Trailerisf Member Posts: 455
garv221 wrote: Backups yes and sometimes printers use the admin account to send scans from the printer through SMTP to a client mailbox.
On the road to Cisco. Will I hunt it, or will it hunt me?
-
blargoe Member Posts: 4,174
Some morons use the administrator account for scheduled tasks and to run jobs in SQL Server as well. You have to think about everything that is important to your business and examine it closely.
IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
-
keatron Member Posts: 1,213
The biggest pitfall in my opinion of having the domain and local admin account with the same passwords is the fact that if I own that box, I own that domain. I won't go into detail as to how vulnerable those boxes are (and for those who are wondering, even with the latest patches they're still Swiss cheese).
A common first step after busting the local admin account on a machine is seeing if that password is the same as the domain admin account. I'm usually teaching anywhere from 1 to 2 security classes per month and this is one of the big things I ALWAYS teach against.
Might I ask this question? What is the business or operational justification for this model?
-
amyamandaallen Member Posts: 316
Sure, it's a charity.
My boss is being asked by her boss to change the admin/system password we both used to share and give us an individual admin account password of our own. I don't disagree with the change.
He says it's for security but I just think after our pay rises he thinks we'll just pee off and do damage! Yep - like I'M THAT STUPID !!
However I can already see some things no longer working right. Oh well, stupid is as stupid does.
Remember I.T. means In Theory ( it should works )
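
Added example, not part of the original thread: one way to list the services and scheduled tasks that log on as the Administrator account, the dependencies named in the replies above, before the password is changed. The server names and the account pattern are constructed placeholders, and it assumes PowerShell 2.0 or later, English-language `schtasks` column names, and WMI access to each server.

```powershell
# Inventory what runs as the Administrator account before its password changes.
# Host names below are hypothetical placeholders; replace with your own servers.
$servers = 'DC01', 'SQL01', 'CTX01'

# Matches DOMAIN\Administrator, .\Administrator, Administrator@domain and
# plain Administrator. -match is case-insensitive by default.
$pattern = '(^|\\)Administrator(@|$)'

$findings = foreach ($server in $servers) {
    # Services: StartName is the account the service logs on as.
    Get-WmiObject -Class Win32_Service -ComputerName $server |
        Where-Object { $_.StartName -match $pattern } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Server = $server; Type = 'Service'
                Name   = $_.Name; RunAs = $_.StartName
            }
        }

    # Scheduled tasks: the verbose CSV output of schtasks carries a
    # "Run As User" column (column name assumes an English-language OS).
    schtasks.exe /query /s $server /fo csv /v |
        ConvertFrom-Csv |
        Where-Object { $_.'Run As User' -match $pattern } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Server = $server; Type = 'ScheduledTask'
                Name   = $_.TaskName; RunAs = $_.'Run As User'
            }
        }
}

# Everything listed here stores the old password and needs updating
# (or moving to its own account) as part of the change.
$findings | Sort-Object Server, Type, Name |
    Format-Table Server, Type, Name, RunAs -AutoSize
```

This does not cover SQL Server Agent jobs, backup or AV product configuration, or devices such as scanners that hold the password themselves; those have to be checked in each product.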