We do realize the potential risk in this but this request is coming from
a higher authority (my boss). I've been asked to find a way to change it
and I believe that they are going to have the password reset on a
monthly basis.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Laura E. Hunter
Sent: Tuesday, January 31, 2006 11:30 AM
To: [email protected]
Subject: Re: [ActiveDir] Reset Local Admin Passwords
> > We currently have about 4 different passwords floating around our
> > domain and we'd like to get it down to a single standard. Any help
> > would be appreciated.
> >
> >
Okay, just to offer a counterpoint to your underlying plan - you do
realise that by using a single local admin password across your
enterprise, if even -one- of those workstations gets the admin password
compromised, the attacker who did so now has local admin rights to every
workstation on your network? With apologies to Jesper Johannsen[1],
it's one of those "How to get your network hacked in 10 easy steps"
things - if I've just compromised the local admin password of
WorkstationA, what do you think is going to be the very first password I
try when I move on to try and compromise WorkstationB?
[1] And additional apologies for the fact that I'm sure I just spelled
his name wrong.
--
-----------------------
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
