Hi,
Does anyone know of a good application to change the local admin password
on multiple servers / PCs? I will have to do this every month now
since we got audited.
Thanks and Regards,
Barry
Steven L Umbach - 24 Oct 2007 01:09 GMT
You could use something like cusrmgr [best for unique passwords] from the
Resource Kit or pspasswd from SysInternals/Microsoft. The links below
explain more. You could also use a Group Policy startup script that uses the
net user command, as in net user administrator newpassword, but if you do, be
sure to change the permissions on that startup script so that it does not
include users/domain users/authenticated users/everyone but instead has
permissions for administrators and domain computers; otherwise curious users
could browse to the sysvol share and read the newpassword in the script.
Steve
http://support.microsoft.com/kb/272530
http://www.microsoft.com/technet/sysinternals/utilities/pspasswd.mspx --- pspasswd
Steve
bbrbrp - 05 Jun 2008 00:36 GMT
We use a product called autocipher. It changes the password to a unique
value on every pc in the organization. No one knows the current
password on any machine. You have to request the password for a
machine, which will begin an audit trail for your account.
It fulfils the requirements we were looking for:
1. Low cost
2. Saves admin time running scripts and troubleshooting
3. Solves security risk (no one can get to any sensitive data)
4. SOX & regulatory compliance issue (accountability for shared Admin
ID)
5. Works with WorkGroups in our DMZ
6. Integrated into our AD environment--automatically picks up new
machines added to the domain and changes them as required (every 7
days, 30 days etc.)
Check it out if you get a chance (www.autocipher.com).

bbrbrp
http://forums.techarena.in
Steve Riley [MSFT] - 24 Oct 2007 02:52 GMT
Check out the Passgen tool from Jesper's and my book, "Protect Your Windows
Network." You can download the tool free from
http://www.protectyourwindowsnetwork.com/tools.htm.

Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
Roger Abell [MVP] - 24 Oct 2007 15:45 GMT
What you will probably run into if you mean you want to set the
account to a known, usable password, whether the same on all
of the machines (not the best plan in my view), the same on sets
of machines with there being so many sets your machines are
divided into, or unique per machine, is keeping track of which
machines were available and had the account successfully set
to the new password.
One approach is to use an indicator, like some reg key or file
that only admins can create/delete. Then, your remote process
checks if the indicator exists in the correct state, and if not, then it
sets the password to the new value. Alternatively, you can track
the change state centrally, as in a database. The method used
will depend much on how you change the pwd, whether with
something like a WMI script, pspasswd, machine startup
script, etc.
Roger
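
The indicator approach described above, applied to a machine startup script, as an added example that is not part of any poster's message. It assumes Windows PowerShell 5.1 (for Set-LocalUser); the registry key, rotation tag, domain name and password file path are hypothetical, and the password file is assumed to carry the same restricted permissions recommended earlier in the thread for the script itself.

```powershell
# Added example. All names, paths and the rotation tag are hypothetical.
param(
    [string]$RotationId  = '2007-10',        # constructed tag for this month's change
    [string]$AccountName = 'Administrator',  # assumes the built-in account was not renamed
    [string]$MarkerKey   = 'HKLM:\SOFTWARE\ExampleOrg\AdminPwRotation',
    # Hypothetical file next to the startup script; ACL limited to
    # Administrators and Domain Computers, as described for the script itself.
    [string]$SecretPath  = '\\example.local\SYSVOL\example.local\scripts\rotation\pw.txt'
)

function Get-RotationMarker {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    (Get-ItemProperty -LiteralPath $Key -Name 'LastRotation' -ErrorAction SilentlyContinue).LastRotation
}

function Set-RotationState {
    param([string]$Key, [hashtable]$Values)
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    foreach ($name in $Values.Keys) {
        Set-ItemProperty -LiteralPath $Key -Name $name -Value $Values[$name]
    }
}

# Indicator check: this machine already took the current rotation.
if ((Get-RotationMarker -Key $MarkerKey) -eq $RotationId) { return }

try {
    $plain  = (Get-Content -LiteralPath $SecretPath -TotalCount 1 -ErrorAction Stop).Trim()
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    Set-LocalUser -Name $AccountName -Password $secure -ErrorAction Stop
    # Write the marker only after the change succeeded.
    Set-RotationState -Key $MarkerKey -Values @{
        LastRotation = $RotationId
        RotatedAtUtc = [DateTime]::UtcNow.ToString('o')
        LastError    = ''
    }
}
catch {
    # Leave LastRotation untouched so the next boot retries.
    Set-RotationState -Key $MarkerKey -Values @{ LastError = "$RotationId : $($_.Exception.Message)" }
}
finally {
    Remove-Variable -Name plain, secure -ErrorAction SilentlyContinue
}
```

Reading LastRotation and LastError from each machine gives the central record of which machines took the change and which still need it.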