• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 288
  • Last Modified:

Windows Server 2003 - changing admin password - effects on running services

I am looking at running an exercise across the whole network for all users, including the admin account, to change passwords and increase the number and complexity of characters.

Given that some of my servers run MS SQL/SAP Business One, SQL Express, Blackberry Enterprise Server, Exchange 2003 and all kinds of other nonsense where startup services are tied to the admin account, what is the safe way of changing the admin account password without killing any of the services that depend on it ?

Last time I sandboxed this it created minor havoc...
0
Copyleft
Asked:
Copyleft
  • 2
  • 2
1 Solution
 
oBdACommented:
Do NOT, never, ever, use accounts that are used for interactive logons as service accounts. Create dedicated accounts for each service, and give these accounts only the permissions they require for their specific task. Use complex passwords, and set these passwords to never expire. When you want to change these passwords, you'll then know exactly which services you need to reconfigure.
To clean out your current situation, start by creating service accounts for each service (and don't forget scheduled tasks!) that is started with the admin account, and reconfigure these services. Once this is done, you'll be able to change the admin account's password as often as you feel like doing so, without having to worry about your services coming to a grinding halt.
0
 
CopyleftAuthor Commented:
Fair enough - I inherited this network in its current condition, so I can only work with what's already in place.

Leaving best practice aside for one moment, might manually updating every service tied to the current admin login acccount work ?

I'm not intending to do it this way - just thinking out loud out of curiosity. Your suggested method sounds fine :)
0
 
oBdACommented:
Manually updating each and every service using this account as soon as you've changed the password for the account itself is actually the only option you have. This usually requires a restart of the service as well.
Before you change the password in your current situation, consider changing your account lockout policy (for a limited time) to Never, so that a forgotten service won't lock this account (thus keeping other services from running) if it keeps trying to logon with the old password.
0
 
CopyleftAuthor Commented:
Thanks.

I'm going to try your first suggestion on a sandbox server using yesterday's full disk image backup of one of our main servers.

Once I am happy with it I will tackle the live server.

Points awarded - thanks again :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now