[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How Does One Discover Where An Old Network Admin Is Using His Password?

Posted on 2007-10-09
6
Medium Priority
?
164 Views
Last Modified: 2013-12-04
Hello,

I have just taken over someone else's network and while I have many years experience I have always been the one to build out networks. I would like to know if there is any way to trace if and where the old Admin's password is being used, unfortunately I cannot afford to disable the account to see what stops working as it is a high use, high volume network.

Thank you very much,
0
Comment
Question by:jimmlegs
6 Comments
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20040393
Auditing is almost certainly your best (and possibly only) bet.

To confirm though, your terminology is confusing me -- when you say "where the old Admin's password is being used", do you mean where the previous admin. is still logging on or, perhaps, automated logons that have those credentials cached?
0
 
LVL 5

Expert Comment

by:cpottercpotter
ID: 20040423
You would need to scour the security event logs on any domain controllers to find what machines this logon is originating from.
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 1000 total points
ID: 20040465
If you're specifically looking for services for which the account in question is being used as a service account, try the following script which will enumerate service accounts in use on servers on your network that are running under a particular account:

http://www.jsifaq.com/SF/Tips/Tip.aspx?id=5721

(Yo, dwells, this is -your- script, why am -I- giving it as an answer?  ;-))
0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 
LVL 1

Expert Comment

by:Zkdog
ID: 20040489
Or are you simply looking for his password?  If the account is already logged on, it's as simple as going into the control panel and changing it to whatever you desire.  Not exactly sure what your asking.
0
 
LVL 9

Assisted Solution

by:MSE-dwells
MSE-dwells earned 1000 total points
ID: 20040514
.... hmphhhhhhh ... you're the one giving it because *I* don't randomly post solutions, I ask first ... so nur nur nee nur nur ... hehehe :0)

PS - I don't know how old that version is on Jerold's old site, a more recent version can be found here -

ftp://falcon.msetechnology.com/scripts/svclist.cmd.txt




0
 
LVL 4

Author Comment

by:jimmlegs
ID: 20048631
Thanks a lot for the script! Sorry it took so long, I just started this gig.

Jimmlegs
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question