90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!
changing the Administrator password
I have observed that in a standard installation of XP(SP1) or Win2K(SP4) *any* user belonging to the "administrator"-group can change without any problm the password of the master-user "Administrator".
Is it possible to protect the password of the user "Administrator" against such changings?
nmm
Is it possible to protect the password of the user "Administrator" against such changings?
nmm
Asked:
2 Solutions
On the other hand... that means you can just have any one of those folks in the Administrators group run an application that puts the Admin password back to the way you want it. We actually put a program like that in our login batch file periodically to clean up the mess the users make.
The program is called "RePass"... and is availabe as VB.Net source code at http://www.dpw.hood.army.mil/ftp/RePass
The program is called "RePass"... and is availabe as VB.Net source code at http://www.dpw.hood.army.mil/ftp/RePass
Thanks for that information!
If I am in the admin-group than it is possible to change the passwords of any other users in the admin-groupand than i am the only one, who can acess the system with admin-rights.
If I have admin-rights, so it should also possible to disable "repass".
And the idea to protect the log from changing will also not work: if I can change the password of admin1, than after doing that, I can login as admin1 and than I can erase the traces in any log i want.
What is the sense of "admnlock", if they
still "can reset the password just as before, if they are admins"?
-nmm
If I am in the admin-group than it is possible to change the passwords of any other users in the admin-groupand than i am the only one, who can acess the system with admin-rights.
If I have admin-rights, so it should also possible to disable "repass".
And the idea to protect the log from changing will also not work: if I can change the password of admin1, than after doing that, I can login as admin1 and than I can erase the traces in any log i want.
What is the sense of "admnlock", if they
still "can reset the password just as before, if they are admins"?
-nmm
Admins can change passwords, it is their inherent right of control.
Admins as the most trusted of the tech staff, with all the keys at their disposal.
All admins must trust each othe, it is the nature of position, just as mgmt must trust them.
If one admin is not trusted by the others, it is past time for a reorg to change access rights to reflect trustability.
Admins as the most trusted of the tech staff, with all the keys at their disposal.
All admins must trust each othe, it is the nature of position, just as mgmt must trust them.
If one admin is not trusted by the others, it is past time for a reorg to change access rights to reflect trustability.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
http://support.microsoft.com/default.aspx?scid=kb;en-us;q281140&sd=tech (still they can reset the password just as before, if they are admins)
If you tried to guess passwords using terminal services, you'd also Never Be Locked out, even if the failed attempts were exceeded- TS thinks of all accounts as Local, even if they are domain accounts. you will be disconnected from TS once you've guessed wrong a few times, but you can keep at it forever! But the user your trying to guess' passwrod would of had to log-on to that server first. Despite the patch for 2000, this still works on XPpro...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;274372
-rich