Admin Account

SilentsoulSilentsoul Member Posts: 260
in Off-Topic
I have an old admin account from a previous sys admin, it is in control of some processes on a win2k3 box. I want to remove his access from the system with the lease amount of administrative effort. Should I just rename the user name and change the password or delete the account entirely?

Thanks for your help. I just took the job and this is one of the Priority one things i want to get fixed as well as disabling all the ex admins accounts.
· Share on FacebookShare on Twitter

Comments

  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Disable the account first and see if anything blows up :). Schedule jobs, Backup programs etc. often run with user accounts specified and you don't want to find something important just came to a halt without being able to just enable it again and work through the issues at your own pace and then get rid of it.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    How many servers are we talking about here?

    I don't know of a quick way to do this. Just start connecting to the services applet on each of the servers, sort by the log on account, and change all of the services that are running under the context of his user account. Also look at the scheduled tasks. Don't spend too much time looking for a quick automated way of doing it, you have to get this done immediately if you are concerned about the integrity of the network.

    You really need to audit everything and make sure there aren't any services or tasks running under any user's windows account. Finally, you need to change all the passwords of the accounts under which your services run. For example, people often run their backup software under the context of an admin or domain admin user, if you don't change this password, that's an easy back door to exploit.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
    · Share on FacebookShare on Twitter
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    I have a script where you can enter a list of servers and enter an account name and it'll look on those servers and see if that account is used to start services. It's on my laptop and I'll upload it in a bit. I found it on some website a year or so back and don't remember the site.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
    · Share on FacebookShare on Twitter
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    Here's the script:
    http://theessentialexchange.com/blogs/michael/archive/2007/11/13/finding-services-using-non-system-accounts.aspx
    “For success, attitude is equally as important as ability.” - Harry F. Banks
    · Share on FacebookShare on Twitter
  • SilentsoulSilentsoul Member Posts: 260
    Thanks guys this gives me a starting place, I know what I have to do just not sure exactly how to go about it. This will be my first time going about doing something like this. I am gonna do some more research tonight and tomorrow morning but I want to have it completed by COB tomorrow. Thanks again.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.