How Does One Discover Where An Old Network Admin Is Using His Password?

Posted on 2007-10-09
Last Modified: 2013-12-04

I have just taken over someone else's network, and while I have many years' experience, I have always been the one to build out networks. I would like to know if there is any way to trace if and where the old Admin's password is being used. Unfortunately, I cannot afford to disable the account to see what stops working, as it is a high-use, high-volume network.

Thank you very much,
Question by:jimmlegs
    LVL 9

    Expert Comment

    Auditing is almost certainly your best (and possibly only) bet.

    To confirm though, your terminology is confusing me -- when you say "where the old Admin's password is being used", do you mean where the previous admin. is still logging on or, perhaps, automated logons that have those credentials cached?
    LVL 5

    Expert Comment

    You would need to scour the security event logs on any domain controllers to find what machines this logon is originating from.
    LVL 30

    Accepted Solution

    If you're specifically looking for services for which the account in question is being used as a service account, try the following script which will enumerate service accounts in use on servers on your network that are running under a particular account:

    (Yo, dwells, this is -your- script, why am -I- giving it as an answer?  ;-))
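The script referenced in the answer above is not reproduced on this page. As an added example (not the script from the thread, and not code from any poster), here is one way to list the services on a set of servers that log on as a given account. The account name `CONTOSO\oldadmin` and the server names are placeholders, and the query assumes WinRM/CIM access to each server.

```powershell
# Added example: list services whose logon account is the old admin account.
# $Account and $Servers are placeholders (assumptions), not values from the thread.
param(
    [string]   $Account = 'CONTOSO\oldadmin',        # placeholder, DOMAIN\user form
    [string[]] $Servers = @('SERVER01', 'SERVER02')  # placeholder server names
)

# A service's StartName may be stored as DOMAIN\user, .\user or user@domain,
# so match on the bare user name with an optional prefix or suffix.
# This also flags a same-named local account, which is worth reviewing anyway.
$user    = ($Account -split '\\')[-1]
$pattern = '^(?:.+\\)?{0}(?:@.+)?$' -f [regex]::Escape($user)

$results = foreach ($server in $Servers) {
    try {
        # Pull every service and filter client-side to avoid WQL escaping issues.
        Get-CimInstance -ClassName Win32_Service -ComputerName $server -ErrorAction Stop |
            Where-Object { $_.StartName -match $pattern } |
            Select-Object @{ n = 'Server'; e = { $server } },
                          Name, DisplayName, StartName, StartMode, State
    }
    catch {
        # Record unreachable hosts so they are not mistaken for "no matches".
        [pscustomobject]@{
            Server      = $server
            Name        = $null
            DisplayName = "QUERY FAILED: $($_.Exception.Message)"
            StartName   = $null
            StartMode   = $null
            State       = $null
        }
    }
}

$results | Sort-Object Server, Name | Format-Table -AutoSize
```

This covers only service logon accounts, the case the accepted answer addresses; a server listed as QUERY FAILED has not been checked.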
    LVL 1

    Expert Comment

    Or are you simply looking for his password?  If the account is already logged on, it's as simple as going into the control panel and changing it to whatever you desire.  Not exactly sure what you're asking.
    LVL 9

    Assisted Solution

    .... hmphhhhhhh ... you're the one giving it because *I* don't randomly post solutions, I ask first ... so nur nur nee nur nur ... hehehe :0)

    PS - I don't know how old that version is on Jerold's old site, a more recent version can be found here -

    LVL 4

    Author Comment

    Thanks a lot for the script! Sorry it took so long, I just started this gig.

