  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 256

Change NT Administrator Password

Hi,

Due to a security breach I need to change the administrator password.

Are there any major issues I need to be aware of?

I have checked all service accounts and made them good. I have a few SQL DB's that have domain/administrator as the owner. What will happen to these?

How is user manager/server manager controlled? I need to make sure these can't be accessed from client machines with the NT tools installed.

My plan is to disable the account and create a new one and put that in domain admins. This way I can set it all back if everything starts to crash around my ears!

I'll split points to anyone who can give me any decent suggestions.

Thanks Experts!

YVS
0
Asked by: yvsupport
 
Big5250 Commented:
1.) You can't disable the administrator account, you can rename the administrator account, but not disable it.
2.) I would change my SQL accounts to use a dedicated service account instead of Administrator, for instances just like this.
3.) If you decide to keep the Admin as the DB account the services will need to be restarted.
4.) Verify that the Admin account isn't logged in somewhere in the network, it can't lock the account out, but if it continues to try to refresh with a bad password your security logs will fill up.
5.) I would suggest creating another account that has equivalent permissions as Admin and use it primarily.

hth
0
 
2hype Commented:
It shouldn't cause a problem if you change the administrator's password.  The only problem you will run into is scheduled tasks. If you set up a username and password for some scheduled tasks (e.g. backups), you will have to reset the username/password or they will not run.

Any services that required you to enter a username/password will not start up unless you go to the service, click Properties and reset the administrator's password.

If you want to make a new administrator account, I would just right-click the existing administrator account, click Copy and create a new one; that way they are members of all the same groups.  Once again, any folder that you have given permissions to just the Administrator account will have to be changed to the Administrators group or the new administrator account.  Any of the scheduled tasks/services will also have to be changed as mentioned above.

The administrator account cannot be deleted so you will disable it.  If you notice anything not working due to permissions which are using the administrator account you can always enable the account and everything will work fine again.
0
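
An added example, not part of the original thread: the answers above point out that services and scheduled tasks configured to log on as Administrator stop working once the password changes. This PowerShell script lists them beforehand so each can be updated or moved to a dedicated service account. It assumes a current Windows Server with the CimCmdlets and ScheduledTasks modules (not NT 4.0) and an elevated session; the helper name `Test-RunsAs` is introduced here for illustration.

```powershell
# Added example: inventory what logs on as an account before its password changes.
# Assumes a current Windows Server (PowerShell 5.1+), run from an elevated session.
$Account = 'Administrator'

# Hypothetical helper: true when an identity string refers to $Account,
# whether written as Administrator, DOMAIN\Administrator, .\Administrator
# or Administrator@domain.
function Test-RunsAs([string]$Identity) {
    if ([string]::IsNullOrWhiteSpace($Identity)) { return $false }
    $bare = ($Identity -split '\\')[-1] -replace '@.*$', ''
    return $bare -ieq $Account
}

# Services whose "Log on as" account is the one being changed.
# These fail to start after the change until their stored password is reset.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-RunsAs $_.StartName } |
    Select-Object @{n='Type';   e={'Service'}},
                  @{n='Name';   e={$_.Name}},
                  @{n='RunsAs'; e={$_.StartName}},
                  @{n='State';  e={$_.State}},
                  @{n='Detail'; e={"StartMode=$($_.StartMode)"}}

# Scheduled tasks that run as the account. A LogonType of Password means
# the task stores the credential and must be re-entered after the change.
$tasks = Get-ScheduledTask |
    Where-Object { Test-RunsAs $_.Principal.UserId } |
    Select-Object @{n='Type';   e={'ScheduledTask'}},
                  @{n='Name';   e={$_.TaskPath + $_.TaskName}},
                  @{n='RunsAs'; e={$_.Principal.UserId}},
                  @{n='State';  e={$_.State}},
                  @{n='Detail'; e={"LogonType=$($_.Principal.LogonType)"}}

# @() keeps the addition valid when either side is empty or a single object.
$found = @($services) + @($tasks)

if ($found.Count -eq 0) {
    Write-Output "Nothing on $env:COMPUTERNAME runs as $Account."
} else {
    $found | Sort-Object Type, Name | Format-Table -AutoSize
}
```

Run it on every server before the change; anything it lists needs its stored credential updated afterwards.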
 
cyberdevil67 Commented:
Hi yvsupport,

 Agree with 2hype, changing the admin password should only have an effect on accounts that are using the old password, like shares etc. But that gives you an idea on who might have compromised the system.

Cheers!
0
ViRoy Commented:
actually that won't affect shares at all. the administrator profile will not change at all. only change will be what you type in for the administrator password when prompted. all other aspects of the server will remain unchanged.
just don't forget your new password :)

the SQL databases will not be affected. this is profile based, designed to allow such security changes.

user/server manager can only be used by someone with administrator privileges. changing the password would effectively deny access to all who do not know the active password.

creating another account and placing it in the administrators group should only be done for accountability. if someone other than yourself truly needs local administrator privileges, then this is the correct practice. with his own admin account you can track access through the logfiles.

hope this helps :)
0
 
ViRoy Commented:
in case of a breach i would first and immediately remove the server from the network, then scan and assess damage. spyware scanners alone will not suffice for sensitive data. in case of a remote attack from the internet.... the kernel needs to be inspected too, run a system repair to ensure a root hack was not performed as these will not show as a virus or spyware. (root hack is terminology used when someone modifies the core of the computer instead of simply installing a backdoor or virus)

right before it was placed back on the network i would then change the administrator password and any others that are high security (power users, backup operators....)
0
 
mtpcbypc Commented:
Older backup programs often need to know a password to perform a successful backup job.  Look into this before you go too many days without a good backup.
0
