jdteichmer
asked on
Domain Administrator Password Change Issues
I recently read an answer to a question regarding issues when changing the Domain Administrators password. The answer contained the following:
"If you are using Certificates and the Administrator uses these then make sure you change the password from the CTRL-ALT-DEL dialog or you may lose the link to the certificate and thus access to anything controlled by that certificate (like encrypted files)."
This left me with this question:
Are certificates managed as a domain entity and if not what happens to certificates on other Domain Controllers once you change the Domain Administrators password from another Domain Controller as described above?
Thanks,
Darin
"If you are using Certificates and the Administrator uses these then make sure you change the password from the CTRL-ALT-DEL dialog or you may lose the link to the certificate and thus access to anything controlled by that certificate (like encrypted files)."
This left me with this question:
Are certificates managed as a domain entity and if not what happens to certificates on other Domain Controllers once you change the Domain Administrators password from another Domain Controller as described above?
Thanks,
Darin
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
BTW: You also should consider, that some services on the server(s) is started with the domain administrators password, and maybe some scheduled tasks.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
You Cannot Decrypt Files After You Reset Your Password with a Password-Reset Disk
http://support.microsoft.com/default.aspx?scid=kb;en-us;308273
If you're a domain administrator - read HOW TO: Configure a Domain EFS Recovery Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;313365
HOW TO: Back Up the Recovery Agent Encrypting File System Private Key in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q241/2/01.asp&NoWebContent=1
Encrypting/Decrypting Data Across Systems
http://support.microsoft.com/default.aspx?scid=kb;en-us;277786
HOW TO: Encrypt Files and Folders on a Remote Windows 2000 Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;320044
NTFS - EFS - Learn Windows 2000 Core Exams in 15 Minutes a Week - Administration of Resources - Part 1:
http://www.2000trainers.com/printarticle.aspx?articleID=20
Step-by-Step Guide to Administering Certificate Services - Nice introduction from Microsoft on Certificate Authorities. In this document you find simple practises where you install a stand-alone CA, do a backup and restore of it, issue certificates, revoke certificates and publish CRLs (Certificate Revocation Lists). 10 pages.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/howto/pubkeyox.asp
Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark
:o) Your brain is like a parachute. It works best when it's open