I controlled access to the script and the password file, so after the system password is changed and the new password verified, I take care of the documentation of the password in the vault ( ie Keepass) and delete the password file. Worked on a network with over 700+ servers. Z
Edward E. Ziots Senior Informational Security Engineer CISSP,Security +,Network+ From: [email protected] To: [email protected] Date: Tue, 17 Jan 2012 14:11:08 +0000 Subject: RE: Quarterly Admin password change OK I’m sold. Are you guys talking about products like this? http://www.cyber-ark.com/digital-vault-products/pim-suite/index.asp Looks like more than I really need. Ed, how do you use cusrmgr.exe w/out having the password exposed in a similar manner? Has anyone used this? Looks to be able to centrally change the local admin password, and even make it different for each one. http://www.avianwaves.com/Blog/default.aspx?id=3 Sean, a search for eGuard Post led me to Quest, buy they have cleverly disguised what I am really looking for in their website. Do you have a link? Dave From: Alan Davies [mailto:[email protected]] Sent: Tuesday, January 17, 2012 1:30 AM To: NT System Admin Issues Subject: RE: Quarterly Admin password change The purist would say having non-unique passwords for common accounts is a vulnerability itself, never mind how you set them! ;o) For those who can't afford the likes of CyberArk to manage all passwords individually, pass-the-hash attacks should be considered carefully. Allowing the password to be in a world-readable location for a week would be foolish in many environments (eg. callcentres, educational facilities, etc.) and an audit finding in most regulated ones. Make sure you consider the many "aggravating" factors that might make the risk an external one too ... poorly secured network integrated wi-fi, un-monitored ethernet points with public (or at least non-staff) physical access. You get the gist! a From: Brian Desmond [mailto:[email protected]] Sent: 16 January 2012 23:51 To: NT System Admin Issues Subject: RE: Quarterly Admin password change The purist would see that that’s a week the password could be compromised. I’d probably let it slide though, especially in a small environment. Thanks, Brian Desmond [email protected] w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:[email protected]] Sent: Monday, January 16, 2012 2:43 PM To: NT System Admin Issues Subject: RE: Quarterly Admin password change Saw that. My mitigation is to use the GPO for a week then nuke it, as our standard builds show follow the new PW convention and the GPO is to just catch up the previously-built systems. Thoughts? Dave From: Brian Desmond [mailto:[email protected]] Sent: Monday, January 16, 2012 12:38 PM To: NT System Admin Issues Subject: RE: Quarterly Admin password change Keep this in mind - http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx. Thanks, Brian Desmond [email protected] w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:[email protected]] Sent: Monday, January 16, 2012 8:04 AM To: NT System Admin Issues Subject: RE: Quarterly Admin password change +1 just did that myself via GPP. Our “local admin maintenance GPO” does two things: · Renames the local admin account. · Sets the password on the added-in local administrator account. Dave From: ed ziots [mailto:[email protected]] Sent: Sunday, January 15, 2012 2:49 PM To: NT System Admin Issues Subject: RE: Quarterly Admin password change +1, that is pretty easy one. Also make sure you rename it to something else than "Administrator" and create a dummy admin account which is only a "Guest" and disabled, and audit its attempted use for audit and incident response purposes. Also can script it out with cusrmgr.exe from the Windows 2000 resource kit. Z Edward E. Ziots Senior Informational Security Engineer CISSP,Security +,Network+ > From: [email protected] > To: [email protected] > Subject: RE: Quarterly Admin password change > Date: Sun, 15 Jan 2012 22:42:35 +0000 > > Easy to do with GPP or with a script. > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com > > -----Original Message----- > From: Juned Shaikh [mailto:[email protected]] > Sent: Sunday, January 15, 2012 5:16 PM > To: NT System Admin Issues > Subject: Quarterly Admin password change > > I am trying to identify how are you folks managing the security requirement > of changing Local admin password of all servers quarterly? > > Thanks in advance, > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
