Actually once it compromised the one machine it doesn't even need to try passwords on the others, if running in that security context it it could connect directly. I have seen that in a couple of cases where whole groups of PCs were nailed in seconds. Quite fun. :)
-- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Tuesday, January 31, 2006 11:30 AM To: [email protected] Subject: Re: [ActiveDir] Reset Local Admin Passwords > > We currently have about 4 different passwords floating around our > > domain and we'd like to get it down to a single standard. Any help > > would be appreciated. > > > > Okay, just to offer a counterpoint to your underlying plan - you do realise that by using a single local admin password across your enterprise, if even -one- of those workstations gets the admin password compromised, the attacker who did so now has local admin rights to every workstation on your network? With apologies to Jesper Johannsen[1], it's one of those "How to get your network hacked in 10 easy steps" things - if I've just compromised the local admin password of WorkstationA, what do you think is going to be the very first password I try when I move on to try and compromise WorkstationB? [1] And additional apologies for the fact that I'm sure I just spelled his name wrong. -- ----------------------- Laura E. Hunter Microsoft MVP - Windows Server Networking Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
